ASA & Management Interface

Discussion in 'Cisco' started by Christoph Gartmann, Jun 2, 2009.

  1. Hello,

    what is the use of this so-called "management interface"? I mean if you don't
    use it as a normal interface but define it "management-only"?

    My findings so far: I have to give it a security level higher than the default
    of zero. I need all the other access-statements like "telnet ... management"
    and I need a routing statement, if I would like to access it from a different
    subnet. But this routing statement affects all the other interfaces
    as well :-(

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -80464
    Immunbiologie
    Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
     
    Christoph Gartmann, Jun 2, 2009
    #1
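
Added example, not part of either post and not Cisco's code: a Python script that reads an ASA configuration and reports, for each interface marked management-only, the three items the first post lists (security level, access statements naming the interface, route statements using it). The sample configuration, its addresses and the function name `audit_management` are constructed for illustration.

```python
# Constructed sample configuration (documentation addresses), not from the thread.
SAMPLE_CONFIG = """\
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.10 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 198.51.100.1 255.255.255.0
!
telnet 203.0.113.0 255.255.255.0 management
route management 203.0.113.0 255.255.255.0 192.0.2.1 1
route inside 10.0.0.0 255.0.0.0 198.51.100.254 1
"""

def audit_management(config):
    """Return one report dict per interface marked management-only."""
    lines = config.splitlines()
    interfaces, current = [], None
    for line in lines:
        words = line.split()
        if line.startswith("interface ") and len(words) == 2:
            current = {"port": words[1], "management_only": False,
                       "nameif": None, "security_level": None}
            interfaces.append(current)
        elif line.startswith(" ") and words and current is not None:
            # Indented lines belong to the interface block being read.
            if words == ["management-only"]:
                current["management_only"] = True
            elif words[0] == "nameif" and len(words) == 2:
                current["nameif"] = words[1]
            elif words[0] == "security-level" and len(words) == 2:
                current["security_level"] = int(words[1])
        else:
            current = None  # "!" or a global command ends the block
    reports = []
    for intf in (i for i in interfaces if i["management_only"]):
        name = intf["nameif"]
        split = [l.split() for l in lines]
        # Access statements: "telnet|ssh|http <address> <mask> <interface name>"
        access = [" ".join(w) for w in split if len(w) == 4
                  and w[0] in ("telnet", "ssh", "http") and w[3] == name]
        # Route statements that leave through the management interface.
        routes = [" ".join(w) for w in split if w[:2] == ["route", name]]
        reports.append({**intf, "access": access, "routes": routes})
    return reports

if __name__ == "__main__":
    for report in audit_management(SAMPLE_CONFIG):
        print(report)
```
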

  2. Christoph Gartmann

    Trendkill Guest

    On Jun 2, 3:15 am, (Christoph Gartmann) wrote:
    > Hello,
    >
    > what is the use of this so-called "management interface"? I mean if you don't
    > use it as a normal interface but define it "management-only"?
    >
    > My findings so far: I have to give it a security level higher than the default
    > of zero. I need all the other access-statements like "telnet ... management"
    > and I need a routing statement, if I would like to access it from a different
    > subnet. But this routing statement affects all the other interfaces
    > as well :-(
    >
    > Regards,
    >    Christoph Gartmann
    >
    > --
    >  Max-Planck-Institut fuer      Phone   : +49-761-5108-464   Fax: -80464
    >  Immunbiologie
    >  Postfach 1169                 Internet: gartmann@immunbio dot mpg dot de
    >  D-79011  Freiburg, Germany
    >                http://www.immunbio.mpg.de/home/menue.html


    I'm no ASA guru, but generally these network management interfaces map
    to a physical interface on the box, and you put it on an internal
    network that is owned (from a routing and switching perspective) by a
    separate internal network device (core router/switch as an example).
    That way the interface has its own gateway and it does not impact the
    routing of the box itself. There shouldn't be any reason to put in
    a special route to the management interface, as if you wanted to allow
    this functionality, that traffic would be NAT'ed into your internal
    network and routed via regular internal routing to the VLAN where that
    management interface is addressed. As I said, I don't have much ASA
    experience, but perhaps someone else can shed some light.
     
    Trendkill, Jun 2, 2009
    #2
