01-24-2020 08:34 AM - edited 02-21-2020 09:51 AM
HI have a ASA instance on a Firepower 4420 device.
I have defined Eth1/1 as the management interface with ip address 10.80.80.5 255.255.255.0 and default gateway as 10.80.80.1
config
!
interface Ethernet1/1
management-only
nameif management
security-level 0
ip address 10.80.80.5 255.255.255.0
!
route management 0.0.0.0 0.0.0.0 10.80.80.1 1
========================================
Now I connect a PC with IP Address 10.80.80.1 /24 and unable to ping both ways,
I can see amber light on the port LED on firepower,
although the interface status is up
asa# show int ethernet 1/1
Interface Ethernet1/1 "management", is up, line protocol is up
Hardware is EtherSVI, BW 10000 Mbps, DLY 1000 usec
MAC address 00fd.2270.b67e, MTU 1500
IP address 10.80.80.5, subnet mask 255.255.255.0
Traffic Statistics for "management":
0 packets input, 0 bytes
91 packets output, 2548 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 3 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 3 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 0 through-the-device packets
asa#
Any lead will be great.
01-24-2020 08:44 AM
01-24-2020 10:47 AM
01-24-2020 11:36 AM
in that case, we need to more information, how is your Cabling connected to switch?
post switch config and tell us what port it was connected
is this port-channel connected Firepower chassis to switch?
01-24-2020 08:46 AM
have you configured below lines to permit ICMP,
if not add them and try
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
if you required inside interface ping add below line
icmp permit any inside
test and advise.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide