Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
506
Views
5
Helpful
3
Replies

Need to change the Mgt interface to a different Vlan

ralphstaiano
Level 1
Level 1

‎09-29-2011 11:25 AM - edited ‎03-11-2019 02:32 PM

Hello all

I am working on a ASA that is in production so I need to bounce something off of you to see if my logic is correct.

I didn't build the box but I am supporting it.

My issue

my mgt interface is 192.168.23.1 When I use the packet trace tool to see what rule is denying me I find that 192.168.23 is setup on the mgt interface. Mgt interface is a implicit deny.

I need to move 192.168.23.1 mgt to a used interface. I would like to change my mgt interface 192.168.78 network.

Can I create a new addr on eth 2  and make it 192.168.23.2

Will I be able to log into the ASA on that interface. If so I can change the mgt interface to 192.168.78.2.

Once that is completed I will be able to access ASA via 192.168.78 network and work on adding rules to the .23 network.

Regards

Ralph

Labels:
0 Helpful
3 Replies 3

varrao
Level 10
Level 10

‎09-29-2011 11:27 AM

Hi ralph,

Could you please share teh output of "show run interface" from the AS, moreover what ASA model and version are you working on??

Thanks,

Varun

Thanks,
Varun Rao

ralphstaiano
Level 1
Level 1
In response to varrao

‎09-30-2011 06:22 AM

Hello Varun

Thank you for reaching out to help.

Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(1)

Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"

scion up 99 days 15 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   :  CN1000-MC-BOOT-2.00
                             SSL/IKE microcode:  CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode  :  CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is 001d.4524.ca74, irq 9
1: Ext: Ethernet0/1         : address is 001d.4524.ca75, irq 9
2: Ext: Ethernet0/2         : address is 001d.4524.ca76, irq 9
3: Ext: Ethernet0/3         : address is 001d.4524.ca77, irq 9
4: Ext: Management0/0       : address is 001d.4524.ca73, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50       
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 0        
GTP/GPRS                     : Disabled 
VPN Peers                    : 250      
WebVPN Peers                 : 2        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 

This platform has a Base license.

Never mind. You helped a great deal. by showing sh interface I noticed that the interface that I wanted to use is in use even though it's not documented as being in use.

I can't do this but let''s say I could would I be on the right track with my thought process.

Regards

Ralph

0 Helpful

varrao
Level 10
Level 10
In response to ralphstaiano

‎09-30-2011 06:26 AM

Hey, no issues, you can post in here again, if you face any issues. You are on the right track.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card