
Use Management Interface as Inside interface

pradeep.kashyap
Level 1

Hi Everyone,

I am facing an issue with my network traffic. The issue is that my firewall has 5 interfaces:

1 - Outside

2 - DMZ

3 - Network A

4 - Failover

5 - Management

nameif inside

security-level 100

 ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2

Now, since I don't have an inside interface left, I configured Management as the inside interface by giving it nameif inside and security level 100, but there is no traffic passing through it. May I know what is left? How can we configure the management interface as a normal interface?

(I'm trying no management-only but it's not working)

Thanks

ASA 5510 8.3(2)

7 Replies

Rahul Govindan
VIP Alumni

Looks like you might need the security plus license to enable through traffic features for the mgmt interface. More details here:

https://supportforums.cisco.com/document/22211/management-interface-asa-does-not-allow-traffic-pass-through-it-and-asa-4-418001

Hi Rahul,

Thanks for the reply. It seems this is not the issue:

##This platform has an ASA 5510 Security Plus license.

Can you paste the interface configuration? Also are you trying to send traffic from something connected on that interface? Could you apply a capture on the management interface to see if you see the traffic entering the ASA? Once you see traffic, run a packet-tracer to see what happens to the traffic sourced from that interface.

It's pretty basic:

interface Management0/0

description "Inside/Management"
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2

On captures I can see incoming traffic on the management interface but no reply from the destination server on the outside interface. (I suspect if traffic is even leaving the management interface)

Packet tracer results in all allow.

Can you capture traffic on the outside interface and see if the traffic makes it through the ASA, just to be sure? Also, are any syslogs showing up when traffic fails?

In the capture, yes, I can see traffic on outside. Yes, it has traffic passing through. Is there any way to see the status of traffic reaching the firewall and its processing?

You can use the following command:

packet-tracer input inside tcp <inside-host> 12345 <outside-host> 80 detailed

If you are seeing packets sent from the management interface host on the outside interface, then the management interface is working correctly. You might have to make sure it is hitting the right NAT rules to reach the internet.
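
The checks suggested in this thread, collected as one ASA CLI sequence (an added example, not part of the original posts). The hosts 10.10.10.50 and 198.51.100.10 and the capture names capin and capout are assumptions chosen for illustration.

```cisco
! 1. Confirm that management-only is really gone from the running config.
show running-config interface Management0/0

! If "management-only" is still listed, remove it in configuration mode.
configure terminal
 interface Management0/0
  no management-only
 end

! 2. Capture the same test flow on both sides of the firewall.
!    On outside the source is already translated, so match on the
!    destination (assumed test server 198.51.100.10) instead.
capture capin interface inside match ip host 10.10.10.50 any
capture capout interface outside match ip any host 198.51.100.10

! 3. Generate traffic from the inside host, then compare the captures.
!    Packets in capin but not capout: dropped or misrouted on the ASA.
!    Requests in capout with no replies: the return path or the
!    translated source address is the problem, not the interface.
show capture capin
show capture capout

! 4. Trace the same flow through the ASA and note which NAT rule it hits.
packet-tracer input inside tcp 10.10.10.50 12345 198.51.100.10 80 detailed

! 5. Check the NAT rules and the translations actually built.
show nat detail
show xlate

! 6. Remove the captures when finished.
no capture capin
no capture capout
```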
