Solved

Created sub-interfaces on ASA 5510 | Can no longer access managment0/0 interface

Posted on 2009-05-06
1
450 Views
Last Modified: 2012-05-06
I added the VLAN sub-interfaces via WinAgents HyperConf (pasted the relative VLAN info and did an upload) and as soon as that completed, I could no longer use WinAgent HyperConf via ssh as I can no longer even ping the management0/0 interface.

Can't figure out why adding those sub-interfaces to Ethernet0/0 would have affected communication on the management0/0 port.

Below is my running-config:
ASA Version 8.0(4)

!

hostname asa

domain-name domain.local

enable password XXXXX encrypted

passwd XXXXX encrypted

names

dns-guard

!

interface Ethernet0/0

 speed 1000

 no nameif

 no security-level

 no ip address

!

interface Ethernet0/0.100

 description MANAGEMENT

 vlan 400

 nameif MGT

 security-level 100

 ip address 10.1.200.1 255.255.255.0

!

interface Ethernet0/0.101

 description CORPORATE

 vlan 401

 nameif CORP

 security-level 100

 ip address 10.1.201.1 255.255.255.0

!

interface Ethernet0/0.102

 description OFFICE1

 vlan 402

 nameif EO

 security-level 100

 ip address 10.1.202.1 255.255.255.0

!

interface Ethernet0/0.103

 description POFFICE1

 vlan 403

 nameif P1O

 security-level 100

 ip address 10.1.203.1 255.255.255.0

!

interface Ethernet0/0.104

 description POFFICE2

 vlan 404

 nameif P2O

 security-level 100

 ip address 10.1.204.1 255.255.255.0

!

interface Ethernet0/0.105

 description POFFICE3

 vlan 405

 nameif P3O

 security-level 100

 ip address 10.1.205.1 255.255.255.0

!

interface Ethernet0/0.106

 description POFFICE4

 vlan 406

 nameif P4O

 security-level 100

 ip address 10.1.206.1 255.255.255.0

!

interface Ethernet0/0.107

 description S5OFFICE

 vlan 407

 nameif S5O

 security-level 100

 ip address 10.1.207.1 255.255.255.0

!

interface Ethernet0/0.108

 description LOFFICE1

 vlan 408

 nameif L1O

 security-level 100

 ip address 10.1.208.1 255.255.255.0

!

interface Ethernet0/0.109

 description LOFFICE2

 vlan 409

 nameif L2O

 security-level 100

 ip address 10.1.209.1 255.255.255.0

!

interface Ethernet0/0.110

 description S8OFFICE

 vlan 410

 nameif S8O

 security-level 100

 ip address 10.1.210.1 255.255.255.0

!

interface Ethernet0/0.111

 description BARN

 vlan 501

 nameif BARN

 security-level 100

 ip address 10.1.211.1 255.255.255.0

!

interface Ethernet0/0.112

 description BARN2

 vlan 502

 nameif BARN2

 security-level 100

 ip address 10.1.212.1 255.255.255.0

!

interface Ethernet0/0.113

 description PBARN1

 vlan 503

 nameif P1B

 security-level 100

 ip address 10.1.213.1 255.255.255.0

!

interface Ethernet0/0.114

 description PBARN2

 vlan 504

 nameif P2B

 security-level 100

 ip address 10.1.214.1 255.255.255.0

!

interface Ethernet0/0.115

 description PBARN3

 vlan 505

 nameif P3B

 security-level 100

 ip address 10.1.215.1 255.255.255.0

!

interface Ethernet0/0.116

 description PBARN4

 vlan 506

 nameif P4B

 security-level 100

 ip address 10.1.216.1 255.255.255.0

!

interface Ethernet0/0.117

 description SBARN5

 vlan 507

 nameif S5B

 security-level 100

 ip address 10.1.217.1 255.255.255.0

!

interface Ethernet0/0.118

 description LBARN1

 vlan 508

 nameif L1B

 security-level 100

 ip address 10.1.218.1 255.255.255.0

!

interface Ethernet0/0.119

 description LBARN2

 vlan 509

 nameif L2B

 security-level 100

 ip address 10.1.219.1 255.255.255.0

!

interface Ethernet0/0.120

 description SBARN8

 vlan 510

 nameif S8B

 security-level 100

 ip address 10.1.220.1 255.255.255.0

!

interface Ethernet0/1

 speed 1000

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet0/2

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet0/3

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Management0/0

 nameif MGMT

 security-level 100

 ip address 192.168.1.9 255.255.255.0

 management-only

!

ftp mode passive

dns server-group DefaultDNS

 domain-name domain.local

access-list inside_temp_in extended permit ip any any

access-list inside_temp_out extended permit ip any any

pager lines 24

logging enable

logging asdm informational

mtu MGT 1500

mtu CORP 1500

mtu EO 1500

mtu P1O 1500

mtu P2O 1500

mtu P3O 1500

mtu P4O 1500

mtu S5O 1500

mtu L1O 1500

mtu L2O 1500

mtu S8O 1500

mtu BARN 1500

mtu EB 1500

mtu P1B 1500

mtu P2B 1500

mtu P3B 1500

mtu P4B 1500

mtu S5B 1500

mtu L1B 1500

mtu L2B 1500

mtu S8B 1500

mtu MGMT 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-615.bin

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 MGMT

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

virtual telnet 192.168.1.9 MGMT

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh 192.168.1.0 255.255.255.0 MGMT

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

username admin password XXXXX encrypted

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns migrated_dns_map_1

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns migrated_dns_map_1

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:XXXXX

: end

Open in new window

0
Comment
Question by:Tercestisi
1 Comment
 

Accepted Solution

by:
Tercestisi earned 0 total points
ID: 24318492
This is the second time this has happened... I just recreated the Management0/0 config (changed nothing) and now it works again.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now