Solved: ASA INITIAL SETUP

fmugambi · ‎05-15-2024

Hello Guys,

Am setting up cisco asa 5555x, needed help with mgmt setup and be able to ssh from a different subnet.

have configured mgmt interface, give security level 100, /24 mgmt subnet. it can pick its default g/w but nothing else outside the g/w.

what would i be missing?

MHM Cisco World · ‎05-15-2024

the R3 do intervlan for the interwork and I success ping from PC 100.0.0.10 to mgmt 10.0.0.10
just you need route mgmt <PC subnet> <mgmt IP in L3 device that do inter vlan>

MHM

View solution in original post

MHM Cisco World · ‎05-15-2024

Management-access interface OUT

I think this what ypu need to access ASA via SSH from OUT

Also make sure you specify subnet

By

Ssh x.x.x.x x.x.x.x OUT

fmugambi · ‎05-15-2024

so no acl, no mgmt vrfs?

MHM Cisco World · ‎05-15-2024

Sorry I dont get your Q' can you more elaborate

MHM

MHM Cisco World · ‎05-15-2024

above what I mention only what you need

MHM

fmugambi · ‎05-15-2024

done this, but still no joy. not able to ssh.

fmugambi · ‎05-15-2024

was concerned since the mgmt subnet is say 192.168.100.0/24 and my laptop is on 10.189.10.100.

connectivity is already there cause i can manage other devices on 192.168.100.0/24 network. this new asa setup is what is abit challenging.

cant seem to see what am missing.

MHM Cisco World · ‎05-15-2024

if you can ping the ASA interface from the laptop (interface direct connect not mgmt interface) then

ssh 10.189.10.x 255.255.255.0 <interface X>

this interface X use in management-access interface x

fmugambi · ‎05-15-2024

this is where my problems begin, cause am not able to ping the mgmt interface.

MHM Cisco World · ‎05-15-2024

you can not ping mgmt interface by device connect to other interface of ASA

that why we need to use management-interface to make interface work as mgmt interface and data interface.
try ping from laptop to interface direct connect not to mgmt interface

MHM

fmugambi · ‎05-15-2024

this is how topology is.

so do you mean i use a different physical interface, say g0/7 rather than mgmt interface?

MHM Cisco World · ‎05-15-2024

the R3 do intervlan for the interwork and I success ping from PC 100.0.0.10 to mgmt 10.0.0.10
just you need route mgmt <PC subnet> <mgmt IP in L3 device that do inter vlan>

MHM

Marvin Rhoads · ‎05-15-2024

Do you have a "route management" statement telling the management interface what gateway to use?

Also, you you have an "ssh " statement allowing the remote subnet(s) to access the device?

fmugambi · ‎05-15-2024

yes i do, a route, with mgmt subnet and its g/w as next hop.

ssh statements are there too.