What is the function of the MGMT port of the Cisco ASA?

sulochana.das1
Level 1

What is the function of the MGMT port of the Cisco ASA? I am looking for details about this.


sachintambat
Level 1

Hi,

It is used for out-of-band management purposes if there is any network outage on the production interface.

Hi Marius,

Thanks for replying to my question!

Hi Sachintambat, will you please explain out-of-band management to me in detail? Actually, I am looking into this so that I can remotely manage our ASA. We really want to turn the remote ASA on/off using some technology.

Thanks a lot. I appreciate your help.

-Sulochana

Out of band just means it is a separate network used only for management traffic which is not accessible by any other network in your environment.  So you basically build another network parallel to your data network.

As far as I know the ASA does not have an ILO feature (similar to what you get with HP servers).  So turning on / off an ASA remotely is not possible, with the exception of just restarting the ASA.

--

Please remember to select a correct answer and rate helpful posts

If you are asking about the management-access command, then this command restricts the interface it is configured on to only accept management traffic, or to-the-box traffic, such as SSH, HTTPS, SNMP, etc. Through-the-box data traffic is not permitted when this command is configured.

If you are talking about the management interface itself, then this is just a normal interface, but it is limited to 100Mbps. You can remove the management-access command from this interface and use it as a normal data interface if you want.


Hi Marius,

Do you have any link for this so that I can grasp this in detail? We have an ASA and the port is shut down. We want to utilize this port. I really want to learn about the management-access command in detail.

Thank you,

-Sulochana

management-access is used only over VPN (either remote access or site-to-site VPN). This allows the administrator to ping and access the interface defined by the management-access command. This is the only use for this command.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_management.html#wp1064497


Also, keep in mind that to access the ASA remotely over VPN you will need to add the route-lookup keyword at the end of the NAT exempt statement (this is as of ASA version 9.1, if I remember correctly).
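A config check for the route-lookup point made in the thread, as an added example that is not part of any post here or of Cisco's tooling: it scans a saved ASA running-config for identity (NAT exempt) rules on the management-access interface that lack the route-lookup keyword. The sample config, object names and function names are constructed for illustration, and the rules are assumed to be in twice-NAT form.

```python
import re

# Constructed sample running-config lines (object names are made up).
SAMPLE_CONFIG = """\
management-access inside
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL no-proxy-arp
nat (inside,outside) source static LAN LAN destination static BRANCH BRANCH no-proxy-arp route-lookup
nat (dmz,outside) source static DMZ DMZ destination static VPN-POOL VPN-POOL
nat (inside,outside) source dynamic LAN interface
"""

# Twice-NAT static rule: nat (real,mapped) [after-auto] [line] source static A B ...
NAT_RE = re.compile(
    r"^nat \((?P<real>[^,\s]+),(?P<mapped>[^)\s]+)\)\s+(?:after-auto\s+)?(?:\d+\s+)?"
    r"source static (?P<src_real>\S+) (?P<src_mapped>\S+)(?P<rest>.*)$"
)


def management_access_interface(config):
    """Return the interface named by 'management-access <ifname>', or None."""
    for line in config.splitlines():
        m = re.match(r"^management-access (\S+)$", line.strip())
        if m:
            return m.group(1)
    return None


def nat_exempt_missing_route_lookup(config):
    """List identity (NAT exempt) rules on the management-access interface
    that do not carry the route-lookup keyword."""
    ifname = management_access_interface(config)
    if ifname is None:
        return []  # management-access not configured: nothing to check
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = NAT_RE.match(line)
        if not m or m.group("real") != ifname:
            continue  # not a static twice-NAT rule on that interface
        identity = m.group("src_real") == m.group("src_mapped")
        if identity and "route-lookup" not in m.group("rest").split():
            findings.append(line)
    return findings


if __name__ == "__main__":
    for rule in nat_exempt_missing_route_lookup(SAMPLE_CONFIG):
        print("missing route-lookup:", rule)
```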