On Jun 2, 3:15 am, gartm...@nonsense.immunbio.mpg.de (Christoph
Gartmann) wrote:
> Hello,
>
> what is the use of this so-called "management interface"? I mean if you don't
> use it as a normal interface but define it "management-only"?
>
> My findings so far: I have to give it a security level higher than the default
> of zero. I need all the other access-statements like "telnet ... management"
> and I need a routing statement, if I would like to access it from a different
> subnet. But this routing statement affects all the other interfaces
> as well.
>
> Regards,
>    Christoph Gartmann
>
> --
>  Max-Planck-Institut fuer       Phone   : +49-761-5108-464   Fax: -80464
>  Immunbiologie
>  Postfach 1169                  Internet: gartmann@immunbio dot mpg dot de
>  D-79011  Freiburg, Germany
>                 http://www.immunbio.mpg.de/home/menue.html

I'm no ASA guru, but generally these network management interfaces map
to a physical interface on the box, and you put it on an internal
network that is owned (from a routing and switching perspective) by a
separate internal network device (core router/switch as an example).
That way the interface has its own gateway and it does not impact the
routing of the box itself. There shouldn't be any reason to put in
a special route to the management interface, as if you wanted to allow
this functionality, that traffic would be NAT'ed into your internal
network and routed via regular internal routing to the VLAN where that
management interface is addressed. As I said, I don't have much ASA
experience, but perhaps someone else can shed some light.