01-16-2017 11:06 AM - edited 03-12-2019 01:47 AM
Hi Everyone,
I am facing an issue with my network traffic. The issue is my Firewall has 5 interfaces:
1 - Outside
2 - DMZ
3 - Network A
4 - Failover
5 - Management
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
Now, since I don't have an Inside interface left, I configured Management as the inside interface by giving it nameif inside and security level 100,
but there is no traffic passing through it. May I know what is left? How can we configure the management interface as a normal interface?
(I'm trying no management-only but it's not working.)
Thanks
ASA 5510 8.3(2)
01-16-2017 12:11 PM
Looks like you might need the security plus license to enable through traffic features for the mgmt interface. More details here:
https://supportforums.cisco.com/document/22211/management-interface-asa-does-not-allow-traffic-pass-through-it-and-asa-4-418001
01-16-2017 12:18 PM
Hi Rahul,
Thanks for the reply; it seems this is not the issue:
##This platform has an ASA 5510 Security Plus license.
01-16-2017 12:23 PM
Can you paste the interface configuration? Also are you trying to send traffic from something connected on that interface? Could you apply a capture on the management interface to see if you see the traffic entering the ASA? Once you see traffic, run a packet-tracer to see what happens to the traffic sourced from that interface.
01-16-2017 12:40 PM
It's pretty basic:
interface Management0/0
description "Inside/Management"
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0 standby 10.10.10.2
On captures I can see incoming traffic on the management interface but no reply from the destination server on the outside interface. (I doubt whether the traffic is even leaving the management interface.)
Packet tracer results in all allow.
01-16-2017 01:03 PM
Can you capture traffic on the outside interface and see if the traffic makes it through the ASA, just to be sure? Also, are any syslogs showing up when traffic fails?
01-16-2017 04:09 PM
In the capture, yes, I can see traffic on outside; yes, it has traffic passing through. Is there any way to see the status of traffic reaching the firewall and its processing?
01-16-2017 06:17 PM
You can use the following command:
packet-tracer input inside tcp <inside-host> 12345 <outside-host> 80 detailed
If you are seeing packets sent from the management interface host on the outside interface, then the management interface is working correctly. You might have to make sure it is hitting the right NAT rules to reach the internet.
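The checks suggested across this thread (license, interface mode, captures on both sides, packet-tracer, NAT) put together as one ASA CLI sequence; this is an added example, not commands from any poster. The inside host 10.10.10.50 and the destination 198.51.100.10 are assumed placeholder addresses; the interface names and the 10.10.10.0/24 subnet come from the thread.

```cisco
! Confirm the license and that the interface is no longer management-only
show version | include license
show running-config interface Management0/0
! Expected: nameif inside, security-level 100, and no "management-only" line

! Capture the same flow on both sides of the ASA
capture capin interface inside match tcp host 10.10.10.50 host 198.51.100.10 eq 80
capture capout interface outside match tcp any host 198.51.100.10 eq 80

! Simulate the flow through ACL, NAT and route lookups (placeholder addresses)
packet-tracer input inside tcp 10.10.10.50 12345 198.51.100.10 80 detailed

! Generate traffic from the host, then compare the two captures
show capture capin
show capture capout

! If capin shows SYNs but capout is empty, check translation, routing and syslog
show nat detail
show route
show logging | include 10.10.10.50

! Remove the captures when finished
no capture capin
no capture capout
```

If capout shows the SYN leaving with a translated source but no SYN-ACK returns, the problem is upstream of the ASA rather than on the management interface.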