01-13-2014 06:17 AM - edited 03-11-2019 08:28 PM
In ASA transparent mode, Why it is necessary to keep management ip in the same subnet to that of connected network?
what if I keep management ip in diffrent subnet than that of connected network?
If I do so does the traffic move through the asa and why?
thanxs.
Solved! Go to Solution.
01-13-2014 09:44 AM
Hello Vijay,
As you say you can use another one, That's correct but the thing is that the management IP is not only used for management purporses.
That's were you are missing the point.
That IP address assigned to the ASA as a whole will also be used for ARP requests when the ASA does not know where the destination hosts lies and it's not on the same subnet than the ASA.
It will also be used as a source for packets going to a syslog server, AAA server, Netflow server, SNMP server and any packet that the ASA will need to create so with that in mind the routing of the network will need to be changed to work with this.
If you get to accomplish that the routing of the network works with a different Management IP address on the transparent address then you can do it. I can ensure you I have seen this scenario before working with no issues at all bud.
Just to remember rate all of the helpful posts like this one
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
01-13-2014 09:44 AM
Hello Vijay,
As you say you can use another one, That's correct but the thing is that the management IP is not only used for management purporses.
That's were you are missing the point.
That IP address assigned to the ASA as a whole will also be used for ARP requests when the ASA does not know where the destination hosts lies and it's not on the same subnet than the ASA.
It will also be used as a source for packets going to a syslog server, AAA server, Netflow server, SNMP server and any packet that the ASA will need to create so with that in mind the routing of the network will need to be changed to work with this.
If you get to accomplish that the routing of the network works with a different Management IP address on the transparent address then you can do it. I can ensure you I have seen this scenario before working with no issues at all bud.
Just to remember rate all of the helpful posts like this one
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
01-13-2014 10:29 AM
Thanx jcarvaja ...
01-13-2014 10:31 AM
Hello Vijay,
Any time Sr.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
01-13-2014 10:38 AM
thanxs for the reply Julio Carvajal Segura. If I want any assistance regarding networking I will contact you on your Email as you have specified.
Once again thanxs a lot.
01-13-2014 10:48 AM
Hello Vijay,
Sure, it will be my pleasure to work with you.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide