Routing on mgmt interface

h.dam

Hello,

I'm setting up a pair of A/P failover ASA 5525-X with v9.8.

I learned that the mgmt interface uses another routing table (from a post elsewhere).

I also have the SFR module using this same interface.

My question is:

Can I use this mgmt interface to route inside or outside traffic?

e.g.

route management 10.1.20.0 255.255.255.0 10.1.16.254
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.1.16.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 10.1.14.1 255.255.255.0

(10.1.16.254 = GW of management vlan)

Thanks.

Accepted Solution

John Telford
ASA cannot use the management interface if the SFR is being used.

I found that the quick start guide for the 5525-X explains how the interfaces behave quite well:

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500X/5500x_quick_start.html

Go through the doc, but here is a snippet from it:

Management 0/0 belongs to the ASA FirePOWER module. The interface is Up, but otherwise unconfigured on the ASA. The ASA FirePOWER module can then use this interface to access the ASA inside network and use the inside interface as the gateway to the Internet.

Note: Do not configure an IP address for this interface in the ASA configuration. Only configure an IP address in the FirePOWER configuration. You should consider this interface as completely separate from the ASA in terms of routing.

ASDM access on the inside interface

NAT: Interface PAT for all traffic from inside and management to outside.

Note: If you want to deploy a separate router on the inside network, then you can route between management and inside. In this case, you can manage both the ASA and ASA FirePOWER module on Management 0/0 with the appropriate configuration changes.

Treat the SFR as a 'separate' appliance that uses the management port to connect (for SFR management). Once you get Firepower configured, you can add routes in the Firepower interface (ASDM, FMC or the SFR CLI).

If you are NOT going to use the SFR module, then you CAN use the management interface in the ASA configuration.

You should also disable the SFR module in the config; see https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html#pgfId-1486644

Correct, for showing management routes it is "show route management-only"; it always takes me a few tries of "show route x.x.x.x" before I remember.

Regards
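A quick way to catch the mistake the question is about (treating a management-only interface as if it carried data-plane traffic) is to lint the running-config before relying on it. The Python script below is an added example for this thread, not Cisco code and not something either poster wrote. The config it parses is a constructed sample modelled on the OP's management and dmz interfaces; the outside interface, its 203.0.113.0/29 addressing and the nat (dmz,management) rule are assumptions added so that the lint has both a clean case and a broken case to report on. The checks encode the points made in the answer: a route whose egress interface is management-only goes into the separate management-only routing table (the one "show route management-only" displays), a management-only interface does not pass through traffic so a NAT rule naming it is suspect, and Management0/0 without management-only would forward traffic like any other data interface.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the OP's interfaces (not a real device dump);
# the outside interface, its 203.0.113.0/29 addressing and the NAT rule are
# assumptions added for the demo.
SAMPLE_CONFIG = """\
interface Management0/0
 management-only
 nameif management
 ip address 10.1.16.1 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.248
!
interface GigabitEthernet0/1
 nameif dmz
 ip address 10.1.14.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route management 10.1.20.0 255.255.255.0 10.1.16.254 1
object network dmz-net
 subnet 10.1.14.0 255.255.255.0
 nat (dmz,management) dynamic interface
"""

@dataclass
class Interface:
    physical: str                                    # e.g. Management0/0
    management_only: bool = False                    # 'management-only' sub-command present
    network: Optional[ipaddress.IPv4Network] = None  # connected subnet from 'ip address'

@dataclass
class AsaConfig:
    interfaces: Dict[str, Interface] = field(default_factory=dict)  # keyed by nameif
    routes: List[Tuple[str, ipaddress.IPv4Network, ipaddress.IPv4Address]] = field(default_factory=list)
    nat_pairs: List[Tuple[str, str]] = field(default_factory=list)  # (real_if, mapped_if)

ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
NAT_RE = re.compile(r"^\s*nat\s+\((\S+?),(\S+?)\)")
IP_RE = re.compile(r"^\s+ip address\s+(\S+)\s+(\S+)")

def parse_config(text: str) -> AsaConfig:
    """Extract interfaces, static routes and NAT interface pairs from a running-config."""
    cfg = AsaConfig()
    current: Optional[Interface] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            current = Interface(physical=line.split()[1])
            continue
        if not line.startswith(" "):
            current = None                 # any top-level command ends the interface block
        elif current is not None:          # sub-command inside an interface block
            cmd = line.strip()
            if cmd == "management-only":
                current.management_only = True
            elif cmd.startswith("nameif "):
                cfg.interfaces[cmd.split()[1]] = current
            else:
                m = IP_RE.match(line)
                if m:
                    current.network = ipaddress.IPv4Network(f"{m[1]}/{m[2]}", strict=False)
            continue
        rm, nm = ROUTE_RE.match(line), NAT_RE.match(line)  # nat lines sit in object blocks or at top level
        if rm:
            cfg.routes.append((rm[1], ipaddress.IPv4Network(f"{rm[2]}/{rm[3]}", strict=False),
                               ipaddress.IPv4Address(rm[4])))
        elif nm:
            cfg.nat_pairs.append((nm[1], nm[2]))
    return cfg

def lint(cfg: AsaConfig) -> List[str]:
    """Findings where a route or NAT rule expects a management-only interface to carry data traffic."""
    findings: List[str] = []
    for nameif, intf in cfg.interfaces.items():
        if intf.physical.lower().startswith("management") and not intf.management_only:
            findings.append(f"{intf.physical} ({nameif}) lacks 'management-only': it would "
                            "forward through traffic like any data interface")
    for nameif, network, gateway in cfg.routes:
        intf = cfg.interfaces.get(nameif)
        if intf is not None and intf.management_only:
            findings.append(f"route {network} via {nameif} lands in the management-only routing "
                            "table (show route management-only); data-plane traffic will not use it")
    for real_if, mapped_if in cfg.nat_pairs:
        for side in (real_if, mapped_if):
            intf = cfg.interfaces.get(side)
            if intf is not None and intf.management_only:
                findings.append(f"nat ({real_if},{mapped_if}) references management-only interface "
                                f"'{side}', which does not pass through traffic; verify the rule is intended")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_config(SAMPLE_CONFIG)) or ["no management/data-plane mixing found"]:
        print(finding)
```

Run as-is it lints the embedded sample and reports the route via management and the NAT rule that names it; point parse_config at the output of "show running-config" to check a real box. Deleting the management-only line from the sample changes the report to a single finding, Management0/0 now being an ordinary data interface, which is the situation the answer warns against while the SFR module still owns that port.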

It's clear in the explanation. I'll keep the mgmt interface only for SFR.

Thanks very much.
