ASA - routing through m0/0

mikearama

I've been able to avoid needing to do this on all ASA pairs until now, but it's necessary.

I removed "management-only" from all three contexts on this ASA pair (active-standby), but I'll be damned if I can get traffic through the device in either direction... Inside to Managment or Management to Inside.

Here's a look at the interface configs for the User context:

User-ASA1/User# sh run int
!
interface Management0/0
nameif Manage-User
security-level 100
ip address 10.22.151.7 255.255.255.0 standby 10.22.151.8
!
interface GigabitEthernet0/0
description *** To Bell Router 40Mb ***
nameif Outside
security-level 0
ip address 207.35.210.xx 255.255.255.240 standby 207.35.210.xx
!
interface GigabitEthernet0/1
description *** To Core, int g5/18, vlan 200 ***
nameif Client
security-level 50
ip address 10.22.203.253 255.255.252.0 standby 10.22.203.254
!
interface GigabitEthernet0/2
description *** Bridge to other ASA's ***
nameif Bridgenet
security-level 80
ip address 10.22.209.254 255.255.254.0 standby 10.22.209.253
!
interface GigabitEthernet0/3
description *** Pass-thru to Ebiz sites ***
nameif EbizPass
security-level 30
ip address 207.236.211.188 255.255.255.224 standby 207.236.211.189
User-ASA1/User#

Notice the absence of "management-only" on M0/0.

Rules are in place on the Client interface to allow access to the Managment subnet, and as the highest subnet, Management can get to everything... or should be able to.

Let me know if you have any ideas on what I'm missing, or need more info.

Thanks,
Mike

Ahriakin

What model/license are you running, they don't all let you route traffic through (even though it is physically possible). Also the Mgt. interface is not very efficient, less blocks/slower bus etc.