cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

ASA 5525-X management interface routing

darthnul
Level 1
Level 1

I am setting up a new active/standby pair of ASA 5525-X appliances.  They are currently running 9.4(2) code.  I have a couple of other ASA failover pairs in production but I never bothered setting up the management interface for those.

I thought I'd follow "best practices" and use the management interface this time but it seems the management interface uses the same routing table as the inside and outside firewalling/routing interfaces.  I kind of assumed this would be more like the management vrf setup used in switches but it's not even close.

Is it possible to restrict the control-plane traffic to using management0/0 and have "inside" hosts route to some of the same destinations via the "outside" interface?  For example, I want the ASA clock to synch to my internal NTP servers via the man0/0 but I need the servers to synch to those same NTP servers via the "outside" interface gi0/0.  What sort of routing gynastics are needed, and where might they be documented?

This installation is a little unusual as it i has no Internet connection.  It's just being used to segregate sensitive subnets from end-user and less sensitive (but "trusted") subnets.  OSPF is used throughout the network.

Who Me Too'd this topic