09-29-2011 11:25 AM - edited 03-11-2019 02:32 PM
Hello all
I am working on a ASA that is in production so I need to bounce something off of you to see if my logic is correct.
I didn't build the box but I am supporting it.
My issue
my mgt interface is 192.168.23.1 When I use the packet trace tool to see what rule is denying me I find that 192.168.23 is setup on the mgt interface. Mgt interface is a implicit deny.
I need to move 192.168.23.1 mgt to a used interface. I would like to change my mgt interface 192.168.78 network.
Can I create a new addr on eth 2 and make it 192.168.23.2
Will I be able to log into the ASA on that interface. If so I can change the mgt interface to 192.168.78.2.
Once that is completed I will be able to access ASA via 192.168.78 network and work on adding rules to the .23 network.
Regards
Ralph
09-29-2011 11:27 AM
Hi ralph,
Could you please share teh output of "show run interface" from the AS, moreover what ASA model and version are you working on??
Thanks,
Varun
09-30-2011 06:22 AM
Hello Varun
Thank you for reaching out to help.
Result of the command: "show version"
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(1)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
scion up 99 days 15 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 001d.4524.ca74, irq 9
1: Ext: Ethernet0/1 : address is 001d.4524.ca75, irq 9
2: Ext: Ethernet0/2 : address is 001d.4524.ca76, irq 9
3: Ext: Ethernet0/3 : address is 001d.4524.ca77, irq 9
4: Ext: Management0/0 : address is 001d.4524.ca73, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has a Base license.
Never mind. You helped a great deal. by showing sh interface I noticed that the interface that I wanted to use is in use even though it's not documented as being in use.
I can't do this but let''s say I could would I be on the right track with my thought process.
Regards
Ralph
09-30-2011 06:26 AM
Hey, no issues, you can post in here again, if you face any issues. You are on the right track.
Thanks,
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide