• Status: Solved

Management Interface on ASA 5510 Conflict

So I have an ASA 5510 I've been trying to configure but the management interface is on the IP address/subnet of my internal network.

Every time I try to change it, the ASDM freezes and I can't get into it.

Is there a way I can manage the device through Interface0/1 (my internal network port)?  

I'd just like to be able to log in to the appliance from my web browser and not have to plug in to a management port. Additionally, I'd like to use that port as my connection to my internal network (like most routers). I want the management port (on a regular interface) to be the gateway as well as the "management port".

That is how most traditional routers are set up.

Is this possible?

Thanks,
JOe K.

Asked by: ClaudeWalker

mrklaxon Commented:
Not sure I follow but you can certainly connect to an internal IP on an ASA as long as your policy settings aren't preventing management connection on that interface or the type of connection being disabled.  You should be able to Telnet to your gateway IP or SSH (PuTTY client) or ASDM (might not like slow VPN remote connections).

Is that what you mean?  Need info on enabling?  
 
ClaudeWalker (Author) Commented:
I guess the biggest thing that's getting in my way is not being able to change the management interface IP address.  It defaults to 192.168.1.1 which is my intranet gateway.

 
mrklaxon Commented:
So you are routing through the management interface/IP already and you would like to hit another interface IP or would that IP be OK but the connection is refused?
 
ClaudeWalker (Author) Commented:
I'd like to have my external and internal connections on ports 1 and 2

1 for external and 2 for internal.  I want 2 set up at 192.168.1.1 255.255.255.0 (because I have static IPs in the building based off of this).

I'd like to ditch the management port entirely and just manage the appliance from port 2.
 
mrklaxon Commented:
Think I see what you mean now.  If you have a free IF, set it to another IP then attach to it with ASDM or other so that your session isn't killed when you change the active IF.  You wouldn't be able to attach to an outside IF by default so don't bother using that one.  You should have 2 others free if your description is complete.  Could also assign a secondary IP to your current IF so you can move the first.  Depending upon how the policies are set you may break some rules if tied to an IF not just IPs.  May need to enable management connections for the new IP.

Needing specific instruction would require a better config description or posting the config maybe.
 
ArneLovius Commented:
For "small" ASA implementations, I frequently remove any addressing from the management interface and just use the "inside" interface for management.


 
ClaudeWalker (Author) Commented:
I ended up needing to do it from the CLI.  

I enabled Telnet and then changed the management to Port 1/0 and gateway to 192.168.10.1

from there physically plugged into that port.  

I then changed my IP address on the local computer to match the gateway 192.168.10.2

I enabled Telnet from the CLI on the new Inside Port and Telnetted in

I then changed the Mgmt Port 10.0.0.1 and changed my IP again to 10.0.0.2 and switched plugs.

Then I enabled Telnet again and changed Port 1/0 to 192.168.1.1 (the desired inside).  

It was a little convoluted method but it worked and I got some experience with Telnet and the CLI for the ASA.

I'm going to test managing from inside but I suspect I have to enable it to be both a normal port and management port.  I'll keep you posted.

Thanks,
JOe K.
 
ClaudeWalker (Author) Commented:
I got it!

Thanks for all of your help,

JOe K.
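
The end state discussed in this thread (no address on the management port, the inside interface as both gateway and management address), shown as an added ASA CLI example that is not from any of the posters. It uses SSH and ASDM over HTTPS instead of the Telnet sessions used above, because Telnet carries the login in cleartext. Assumptions: it is entered from the serial console, the management interface still has the factory-default DHCP and HTTP settings, the inside port is Ethernet0/1, and the `admin` user name and password are placeholders.

```cisco
! Added example with constructed values; check each line against
! "show running-config" before use.
configure terminal
!
! 1. Release 192.168.1.0/24 from the management interface.
!    (Assumed factory defaults: DHCP pool and ASDM access bound to it.)
no dhcpd enable management
no dhcpd address 192.168.1.2-192.168.1.254 management
no http 192.168.1.0 255.255.255.0 management
interface Management0/0
 no ip address
 shutdown
!
! 2. Give the inside interface the gateway address the static hosts expect.
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! 3. Allow ASDM (HTTPS) from the inside subnet only.
http server enable
http 192.168.1.0 255.255.255.0 inside
!
! 4. Allow SSH from the inside subnet, authenticated against local accounts.
username admin password <CHOOSE-A-PASSWORD> privilege 15
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
crypto key generate rsa modulus 2048
ssh version 2
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10
!
! 5. Remove any Telnet permit left over from setup; match the lines that
!    "show running-config telnet" lists.
no telnet 192.168.1.0 255.255.255.0 inside
!
write memory
```

Step 1 has to come before step 2 because the ASA will not accept the same subnet on two interfaces, which is the conflict described in the question.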