How do you change a Cisco ASA 5510 management interface?

cisco-asa interface
16,212

Solution 1

I believe "management-access" means just what it says. This interface will be dedicated for just management and data will not be allowed to flow (pass) through the interface itself and you can only have one.

Could you post everything below and scrub any of the config that you don't want the public to see?

show run icmp

show run ssh

show run http

show run int management 0/0

Solution 2

I got it working, but not sure if it's the correct way. I connect a computer to the serial port, and ran these commands.

ASA(config)# show run management-access
management-access Inside
ASA(config)# management-access mgmt
Please remove the management access before configure a new one
ASA(config)# no management-access Inside
ASA(config)# management-access mgmt

Now I can ssh into 10.1.254.5 and ping it. I can also still use the old ip address too 10.1.25.254. Which is odd because, I was thinking 10.1.25.254 would stop working when I ran that command. So what is "management-access" command doing? should I ask a separate question for that?

Share:
16,212

Related videos on Youtube

ANKUR SHARMA
Author by

ANKUR SHARMA

Updated on September 18, 2022

Comments

  • ANKUR SHARMA
    ANKUR SHARMA over 1 year

    I want to add a redundant interface to my Cisco ASA 5510. The management interface is currently using Ethernet0/1 (10.1.25.254/24) one of the interface I want to use for the redundant interfaces. So I wanted to setup Management0/0 as the new management interface. The other interface I want to use is Ethernet0/2 (10.1.0.254/24) for the redundant interface. The Ethernet0/3 (10.1.251.5/24) interface is not going to be part of the redundant interface.

    I gave the Management0/0 an IP address of 10.1.254.5, and was able to connect a win7 box to Management0/0 and use 10.1.254.5 as a gateway; and ping another address on the (10.1.251.0/24) network, but I can't ping the interface (10.1.254.5) itself. I also can't use ASDM/SSH to log onto the ASA at 10.1.254.5.

    I setup rules in Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH. That look like the original rules for the Ethernet0/1 interface.

    The last thing I can think to try would be to change the Configuration > Device Management >Management Access > Management Interface. I'm a bit nervous about changing it, the description of it is a bit vague. What it's going to do if I change it? What is the correct way to change a management interface?

    • ravi yarlagadda
      ravi yarlagadda over 12 years
      Can you provide more information about how it's configured? Is the interface on the same network as the e0/1 interface? And what do you mean when you say that you can "ping another address on the network" - is this when connected only to the ASA's management port?
    • ANKUR SHARMA
      ANKUR SHARMA over 12 years
      @Shane what else do I need to add to my question?
    • ANKUR SHARMA
      ANKUR SHARMA over 12 years
      I disable the wireless card while I did that. I should also note I'm a bit of newbie with I comes to networking.
    • ANKUR SHARMA
      ANKUR SHARMA over 12 years
      @Shane Could it be that both those interfaces have the same security level of 100?
    • ravi yarlagadda
      ravi yarlagadda over 12 years
      Traffic shouldn't pass between networks via the management interface at all, unless the Management0/0 interface has had the "management traffic only" setting cleared. For your current situation, now that it's working - you're now able to access that address when connected to the inside interface, correct? This is because the management-access command both controls the default source interface for some outbound traffic, as well as allowing cross-interface management to that interface; you're now able to send management traffic to that address without being on that interface.
    • ravi yarlagadda
      ravi yarlagadda over 12 years
      To clarify, the management-access setting does not in any way restrict where management traffic can come from, or what interfaces can be connected to (it's not going to shut down management access to your 10.1.25.254 address; you'd do that in the SSH/HTTPS settings). It's just allowing cross-interface management to your specified interface, so you can now source from the Inside interface and manage the firewall via an address on a different interface (mgmt in this case).
  • Andrew B
    Andrew B about 11 years
    You're answering a question that is over a year old, and the information that you're attempting to convey was already present within the comments of the question itself. Remember to expand them!
  • packetologist
    packetologist about 11 years
    My apologies. I clicked on the Server Fault site and it showed question as active so I answered. I will keep that in mind going forward. Thanks!
  • Andrew B
    Andrew B about 11 years
    No problem. And belatedly, welcome to Serverfault. :)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cisco ASA 5505 (8.05): interfaces do not come up after reload
Why isn't my sub class that implements/extends a parent class recognized as a sub type of the parent class in Dart Flutter?
Dart: checking if an object implements interface
How to implement interface in-line instead of using a class in Dart/Flutter?
Umbrella Imports with Dart/Flutter
What is the purpose of a static method in interface from Java 8?
JAXB Annotations - Mapping interfaces and @XmlElementWrapper
Set an interface to nil in Golang
Difference between abstract class and interface
Can a child class implement the same interface as its parent?