Hey Mc,For 3750X:http://www

Steve Coady · ‎08-21-2014

Question: How do I configure Management access to new WAN devices, hanging off a Prod switch, but that MUST NOT join or mingle with Prod network and have them route correctly across their own subnet?

I am going from a single Internet link to dual internet link.

New ASR, ASA and DMZ stack.
Only access to new devices is via Management interface via a management vlan that runs across the Prod network.
requires a default gateway of the Management vlan.

The ASR has a WAN link to ISP and will get the default gateway (DG) via BGP.

The ASA and the DMZ should point to the ASR HSRP address for it's DG
Configuring this default gateway to HSRP causes me to loose the Management access.

I have seperate eigrp instance on new devices.

sMc

SANTHOSHKUMAR SARAVANAN · ‎08-21-2014

Hi Mc ,

For Management access you can create VRF lite on your ASR , you can have deafult pointing to VRF. Data traffic from ASA and DMZ will not impacted .

HTH

Sandy

Steve Coady · ‎08-21-2014

Sandy

Thank you for the reply.

What about the 3750x and ASA5545x?

sMc

Rajeev Sharma · ‎08-21-2014

Hey Mc,

For 3750X:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swiprout.html#wp1319347

For ASA5545x you may consider the following:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_contexts.html

HTH.

Regards,

RS.

SANTHOSHKUMAR SARAVANAN · ‎08-21-2014

Hi Mc,

On your ASA you can use dedicated management interface for device administration , on your 3750x also you can create SVI and define it under specific VRF.

HTH

Sandy

I apologize for this stupid question, but...