ASA & Management Interface


what is the use of this so called "management interface"? I mean if you don't use it as a normal interface but define it "management-only"?

My findings so far: I have to give it a security level higher than the default of zero. I need all the other access-statements like "telnet ... management" and I need a routing statement, if I would like to access it from a different subnet. But this routing statement affects all the other interfaces as well :-(

Regards, Christoph Gartmann

Reply to
Christoph Gartmann
Loading thread data ...

bio dot mpg dot de

I'm no ASA guru, but generally these network management interfaces map to a physical interface on the box, and you put it on an internal network that is owned (from a routing and switching perspective) by a separate internal network device (core router/switch as an example). That way the interface has its own gateway and it does not impact the routing of the box itself. There shouldn't be any reason to put in a special route to the management interface, as if you wanted to allow this functionality, that traffic would be NAT'ed into your internal network and routed via regular internal routing to the VLAN where that management interface is addressed. As I said, I don't have much ASA experience, but perhaps someone else can shed some light.

Reply to
Trendkill Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.