07-22-2013 02:56 PM - edited 03-11-2019 07:15 PM
I have seen some similar questions, but no definite answers, so I'll ask here. I have a CX module connected to an L3 switch on a management subnet. I want to use the management interface of the ASA (since it is already connected for the CX) and place it also in the management subnet. The problem I have is the ASA sees its management interface and routes for that traffic (and entire subnet). I need to manage these devices remotely from the outside. I would like the traffic to flow to the L3 switch via the inside interface and then route back to the management interface for the ASA and CX. Any way to prevent the ASA from routing for the management traffic?
Crude drawing:
          router
            |
           /30
            |
       outside int.
            |
            |
         firewall
         |      |
         |      |
  inside int  mgmt int
         |      |
        /30     L2
         |      |
        L3 switch
I know I can remove the IP from the ASA's management interface to prevent the ASA from routing that traffic, but was looking to see if I can keep that mgmt address there.
Although just writing this out made me realize that it is the ASA not allowing management of one interface if the traffic originates through another. Still if you know of a way around this, it would be greatly appreciated.
5512-X 5525-X ASA_9.1.2