Velocity Reviews - Computer Hardware Reviews


ASA & Management Interface

 
 
Christoph Gartmann
      06-02-2009
Hello,

what is the use of this so-called "management interface"? I mean if you don't
use it as a normal interface but define it "management-only"?

My findings so far: I have to give it a security level higher than the default
of zero. I need all the other access-statements like "telnet ... management"
and I need a routing statement, if I would like to access it from a different
subnet. But this routing statement affects all the other interfaces
as well.

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -80464
Immunbiologie
Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
 
Trendkill
      06-02-2009
On Jun 2, 3:15 am, (E-Mail Removed) (Christoph Gartmann) wrote:
> Hello,
>
> what is the use of this so-called "management interface"? I mean if you don't
> use it as a normal interface but define it "management-only"?
>
> My findings so far: I have to give it a security level higher than the default
> of zero. I need all the other access-statements like "telnet ... management"
> and I need a routing statement, if I would like to access it from a different
> subnet. But this routing statement affects all the other interfaces
> as well.
>
> Regards,
> Christoph Gartmann
>
> --
> Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -80464
> Immunbiologie
> Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
> D-79011 Freiburg, Germany
> http://www.immunbio.mpg.de/home/menue.html


I'm no ASA guru, but generally these network management interfaces map
to a physical interface on the box, and you put it on an internal
network that is owned (from a routing and switching perspective) by a
separate internal network device (core router/switch as an example).
That way the interface has its own gateway and it does not impact the
routing of the box itself. There shouldn't be any reason to put in
a special route to the management interface, as if you wanted to allow
this functionality, that traffic would be NAT'ed into your internal
network and routed via regular internal routing to the VLAN where that
management interface is addressed. As I said, I don't have much ASA
experience, but perhaps someone else can shed some light.
 