That would normally indicate

tolinrome tolinrome · ‎05-24-2017

I have a ASA firewall and am not able to ping the management interface from my laptop. From the config I have (pasted below), it seems I shoudl be able to ping it no problem. The cable from the mgmt port is plugged into a switch that also has the cable from the inside interface and the laptop. The gateway of the mgmt interface is the inside interface ip.

I do not want to attempt to do a setup of the sourcefire software since I do not have a .PKG file available.

What can I do to make sure this is configured correctly? Thanks.

interface GigabitEthernet1/2
description Inside
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0

interface Management1/1
management-only
no nameif
no security-level
no ip address

> show network
===============[ System Information ]===============
Hostname                  : Sourcefire5508X-123
Domains                   : example.net
DNS Servers               : 8.8.4.4
                                      8.8.8.8
                            192.168.10.1
Management port           : 8305
IPv4 Default route
Gateway                 : 192.168.10.1

======================[ eth0 ]======================
State                     : Enabled
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : CC:16:7E:98:C4:46
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 192.168.10.2
Netmask                   : 255.255.255.0
Broadcast                 : 192.168.10.255
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

>

Marvin Rhoads · ‎05-24-2017

Is the 192.168.10.2 management address populating in your ARP cache when you attempt to ping it?

tolinrome tolinrome · ‎05-24-2017

No, it does not.

Marvin Rhoads · ‎05-24-2017

That would normally indicate an issue with the switch configuration. Can you share the output of the switch bits as follows:

show int <id of physical interface where the ASA management port connects>

show int vlan<vlan of the SVI/gateway on the switch>

tolinrome tolinrome · ‎05-24-2017

Its actually a neatgear switch that is probably unmanaged, not a Cisco switch. The inside int of the asa is not a sub int with a a vlan, just a port with an ip.

Marvin Rhoads · ‎05-24-2017

OK. If it's a simple unmanaged switch then there should not be any VLANs or other way to mis-configure it.

Can you possibly plug the laptop directly into the m1/1 port and manually assign it the gateway address just to test it that way?

tolinrome tolinrome · ‎05-24-2017

I tried that but not possible since both interfaces (inside and mgmt) are in the same subnet.

ERROR: Failed to apply IP address to interface Management1/1, as the network overlaps with interface GigabitEthernet1/2. Two interfaces cannot be in the same subnet.

tolinrome tolinrome · ‎05-24-2017

it was a bad cable. Problem solved. Thanks.

Marvin Rhoads · ‎05-25-2017

You're welcome.

What I was suggesting with plugging in directly wsa to set the PC address equal to the Inside address - just for testing.

In any case you've resolved it as a Layer 1 (cabling) issue. It certainly seemed like something external to the ASA in any case.

Sourcefire Config - Cannot ping MGMT Interface