Q: In an ASA configured as a Transparent Firewall in Multiple Context mode, with a dedicated management interface configured per context, is it necessary to configure a management IP on the same subnet as the Inside/Outside interfaces in order to allow traffic to pass through?
A: Yes. It is recommended to have a management IP for a transparent firewall (or a context) in the same subnet that it lies in. This is used for traffic sourced from the firewall, such as syslogs, AAA, etc. So, a management IP is a must for the transparent firewall even if there is a dedicated management interface. Refer to Information about Transparent Firewall for more details.
Q: Is it possible to share the management interface between contexts, or do we have to use separate interfaces for each context?
A: No. For multiple context mode, each context must use different interfaces, and you cannot share an interface across contexts. Refer to the Transparent Firewall Guidelines for more information.
Q: Can a Management Interface be allocated to a context in an ASA configured as a Transparent firewall?
A: Yes. The transparent security appliance uses an inside interface and an outside interface only. If your platform includes a dedicated management interface, you can also configure the management interface or subinterface for management traffic only. Refer to the Transparent Firewall Guidelines for more information.
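
A check for the rule stated earlier in this FAQ that each context must use different interfaces, as an added example (not part of the original FAQ or Cisco's documentation): it scans a system-context configuration for `allocate-interface` lines and reports any interface assigned to more than one context. The sample configuration, context names and interface names are constructed, and interfaces are assumed to be listed individually rather than as ranges.

```python
import re
from collections import defaultdict

# Constructed system-context excerpt (not from the original page); context and
# interface names are hypothetical. Interface ranges are not expanded.
SAMPLE_SYSTEM_CONFIG = """\
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
context ctx-a
 allocate-interface GigabitEthernet0/0.10
 allocate-interface GigabitEthernet0/1.10
 allocate-interface Management0/0
 config-url disk0:/ctx-a.cfg
!
context ctx-b
 allocate-interface GigabitEthernet0/0.20
 allocate-interface GigabitEthernet0/1.10
 allocate-interface Management0/1
 config-url disk0:/ctx-b.cfg
"""

CONTEXT_RE = re.compile(r"^context\s+(\S+)\s*$")
ALLOC_RE = re.compile(r"^\s+allocate-interface\s+(\S+)")

def shared_interfaces(system_config: str) -> dict[str, list[str]]:
    """Return {interface: [contexts]} for interfaces allocated to >1 context."""
    owners = defaultdict(list)
    current = None
    for line in system_config.splitlines():
        m = CONTEXT_RE.match(line)
        if m:
            current = m.group(1)  # entering a "context NAME" block
            continue
        if not line.startswith((" ", "\t")):
            current = None  # unindented line ends the context block
            continue
        m = ALLOC_RE.match(line)
        if m and current:
            name = m.group(1).lower()  # compare names case-insensitively
            if current not in owners[name]:
                owners[name].append(current)
    return {i: c for i, c in owners.items() if len(c) > 1}

if __name__ == "__main__":
    for iface, ctxs in sorted(shared_interfaces(SAMPLE_SYSTEM_CONFIG).items()):
        print(f"{iface} is allocated to multiple contexts: {', '.join(ctxs)}")
```
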