Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1020
Views
0
Helpful
3
Replies

Managing ASA-5508X from FMC on additional interfaces or change ASA mgmt IPs in preparation for move

baskervi
Level 1
Level 1

‎03-11-2021 09:49 AM

We have a pair of ASA-5508X firewalls configured as Active-Standby HA that is being configured in through the FMC on the management interface on a test network. These ASAs will be moved to our DR location, so the management IPs we're currently using will not be available after the move. However, the other interface IPs are correct for the new location.

 

What is needed to make sure we can continue managing the ASAs from the FMC after moving them to the new location? I can potentially see one option is to use the MPLS interface to manage, and the other is to change the management IP. I'm not quite sure what to do with the changes to the FMC.

 

Thanks

0 Helpful
3 Replies 3

Sheraz.Salim
VIP
VIP

‎03-11-2021 12:10 PM

Does your ASA5508 is running ASA code and SFR module or your running your ASA5508 as FTD and Managed from FMC?

 

please do not forget to rate.
0 Helpful

baskervi
Level 1
Level 1
In response to Sheraz.Salim

‎03-11-2021 12:19 PM

It's running FTD and managed by FMC.

0 Helpful

Sheraz.Salim
VIP
VIP
In response to baskervi

‎03-11-2021 01:18 PM - edited ‎03-11-2021 01:20 PM

Thank you for the confirmation.

 

 

What is needed to make sure we can continue managing the ASAs from the FMC after moving them to the new location? I can potentially see one option is to use the MPLS interface to manage, and the other is to change the management IP. I'm not quite sure what to do with the changes to the FMC.

 

- you can change the managment ip address of your FTD from FMC.

Devices--->Devices Managment--->FTD--->Devices---Managment

 

FTD_MGMT.PNG

 

or you can do it from fxos

 

Step 1

Connect to the FXOS CLI (see Accessing the FXOS CLI).
Step 2

To configure an IPv4 management IP address:

  1. Set the scope for fabric-interconnect a:

    Firepower-chassis# scope fabric-interconnect a

  2. To view the current management IP address, enter the following command:

    Firepower-chassis /fabric-interconnect # show

  3. Enter the following command to configure a new management IP address and gateway:

    Firepower-chassis /fabric-interconnect # set out-of-band ip ip_address netmask network_mask gw gateway_ip_address

  4. Commit the transaction to the system configuration:

    Firepower-chassis /fabric-interconnect* # commit-buffer

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos201/cli-config/b_CLI_ConfigGuide_FXOS_201/system_administration.html

please do not forget to rate.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card