ASA 5510 question
I broke some stuffs the other day... in the ASDM, I enabled the management interface, assigned it an unused IP, and it broke SSL traffic, inbound and outbound. Can anyone think of a configuration condition that would cause this?
Working on: staying alive and staying employed
Comments
-
netsysllc Member Posts: 479
Sounds like you enabled it on the outside interface, not the inside.
-
phoeneous Member Posts: 2,333
> I broke some stuffs the other day... in the ASDM, I enabled the management interface, assigned it an unused IP, and it broke SSL traffic, inbound and outbound. Can anyone think of a configuration condition that would cause this?
Post the config.
-
colemic Member Posts: 1,569
Unfortunately I can't... our configs are tightly controlled since we are a financial institution. I will look and see if I can get something sanitized that we can look at. Our network guru did have an idea though - that by enabling the management interface, somehow the firewall decided that it had a higher priority for traffic, and started sending it out the management interface. You would think that a management interface would only be sent management traffic, but that's obviously not the case in this situation. The IP assigned was on the same VLAN as the other interfaces (99% sure at least.) We are looking at implementing a management network to simplify administration and avoid this kind of thing.
Working on: staying alive and staying employed
-
phoeneous Member Posts: 2,333
> Unfortunately I can't... our configs are tightly controlled since we are a financial institution. I will look and see if I can get something sanitized that we can look at. Our network guru did have an idea though - that by enabling the management interface, somehow the firewall decided that it had a higher priority for traffic, and started sending it out the management interface. You would think that a management interface would only be sent management traffic, but that's obviously not the case in this situation. The IP assigned was on the same VLAN as the other interfaces (99% sure at least.) We are looking at implementing a management network to simplify administration and avoid this kind of thing.
Run a capture from the ASA CLI, then you'll be able to see where the traffic is going.