Question about the man0/0 interface on a Cisco ASA 5510
Posted on 2007-10-01
I have a question about the man0/0 interface on the Cisco ASA 5510. I have a setup like this...
(Inside network, 192.168.1.0/24) --- Cisco Router --- 192.168.254.0/30 --- Cisco ASA --- Internet perimeter router --- Internet
Now, I also configured the int man0/0 to have the IP address 192.168.1.15/24, which is on the inside network. I thought that, because the interface is configured as management-only, this would be OK. But as it turns out, the ASA tries to use this port for routing traffic, and because my default route points to the ASA, I get a routing loop.
Also, I have OSPF configured on the ASA, and the man0/0 interface gets assigned to area 0.
I thought that management-only meant that only specific traffic (http, ssl, snmp, etc.) coming from specific management workstations was allowed. I didn't expect the interface to try to pass traffic through. Is this "bad" behavior on the part of my man0/0 port, or is this normal?
Is there any way I can prevent the man0/0 interface from trying to route traffic? Or am I just stuck with having to disable man0/0 during normal operation?