
Reg. ASA 5510 Base license mgmt interface query

ankurs2008

Hi

Can we configure an ASA 5510 with a base license to make the management interface run as a data interface? If yes, let me know
if there is any document for the same.


Hi,

As far as I'm aware, you can use the management interface as a data interface by just changing the "management-only" under the interface.

The restriction based on license is that if you have a base license, all five interfaces are 10/100, but if you have the security plus license, 2 of those interfaces can run at 10/100/1000.

Federico.

Please let me know if there is a document available regarding the same.

Hi

I could not find anything related to the above question in the URL given.

That link says you can turn the management interface into a data interface with the command "no management-only" and there's no license required to do that.

I happen to have an ASA-5510 with Base License sitting here with me:

GTI-Secure# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(4)
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

GTI-Secure up 117 days 9 hours

Hardware:   ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0         : address is 000a.b89c.c802, irq 9
1: Ext: Ethernet0/1         : address is 000a.b89c.c803, irq 9
2: Ext: Ethernet0/2         : address is 000a.b89c.c804, irq 9
3: Ext: Ethernet0/3         : address is 000a.b89c.c805, irq 9
4: Ext: Management0/0       : address is 000a.b89c.c806, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50       
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 0        
GTP/GPRS                     : Disabled 
VPN Peers                    : 250      
WebVPN Peers                 : 2        
AnyConnect for Mobile        : Disabled 
AnyConnect for Linksys phone : Disabled 
Advanced Endpoint Assessment : Disabled 
UC Proxy Sessions            : 2       

This platform has a Base license.

interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only


GTI-Secure(config)#
GTI-Secure(config)#
GTI-Secure(config)# int mana
GTI-Secure(config)# int management 0/0
GTI-Secure(config-if)# no management-only

GTI-Secure(config-if)# exit

interface Management0/0
shutdown
no nameif
no security-level
no ip address

So, the management interface can be used as a data interface.

Federico.

Hi

Please go through this link

https://supportforums.cisco.com/docs/DOC-4296/version/1

I agree that the "no management-only" command is accepted by ASA 5510 with base license, as I do have a customer firewall which accepts that. However, can you please check if the through traffic traverses across that or not? Thanks!

Hi halijenn

Can you please clarify this?

Yes, the management interface can be used to pass normal data traffic when you disable "management-only" from the management interface with ASA 5510 base license when you are running version 7.2.2 and above, if I am not mistaken. The earlier version of code with ASA 5510 base license only allows the management interface as a management-only interface, not data traffic.

Hi halijenn

Can you please let me know if this NetPro document is correct or not, which clearly says that the Management interface would require a Sec plus license to have data interface functionality enabled in the 5510?

https://supportforums.cisco.com/docs/DOC-4296/version/1

The document is correct for the earlier version of ASA code. The later version of code supports management interface as a data or pass through interface.

Initially, when ASA 5510 was just introduced, base license was only restricted to 3 interfaces with 1 management interface (that only allows mgmt traffic). However, since 7.2.2, ASA 5510 with base license allows 5 interfaces, and the mgmt interface can be used to pass traffic.
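
For anyone auditing a fleet of these, the check discussed in this thread can be scripted. The following is an added example, not code from any poster or from Cisco: it reads saved `show version` and running-config text and reports whether a Management interface is still `management-only` or is able to carry through traffic. The function names and the sample text are constructed, and the 7.2(2) threshold is an assumption taken from the reply above.

```python
import re

# Constructed sample input, modelled on the output quoted in this thread.
SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 8.0(4)
This platform has a Base license.
"""
RUNNING_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Management0/0
 shutdown
 no nameif
 management-only
!
"""

def parse_version(text):
    """Return (major, minor, maintenance) from 'Software Version 8.0(4)'."""
    m = re.search(r"Software Version (\d+)\.(\d+)\((\d+)\)", text)
    return tuple(int(x) for x in m.groups()) if m else None

def parse_interfaces(config):
    """Map each interface name to the list of lines in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # '!' or any top-level line ends the stanza
    return stanzas

def audit_management(show_version, config, min_version=(7, 2, 2)):
    """min_version is the threshold stated in the thread (assumption)."""
    version = parse_version(show_version)
    new_enough = version is not None and version >= min_version
    report = {}
    for name, lines in parse_interfaces(config).items():
        if not name.startswith("Management"):
            continue
        mgmt_only = "management-only" in lines
        # A data interface also has to be named and not shut down.
        ready = "shutdown" not in lines and any(
            l.startswith("nameif ") for l in lines)
        report[name] = {"management_only": mgmt_only,
                        "can_pass_through_traffic":
                            new_enough and ready and not mgmt_only}
    return report
```

An interface that reports `can_pass_through_traffic` as true is subject to the same access rules and NAT policy review as any other data interface.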
