Using any interface for management-only traffic, Management interface for transparent mode – Cisco ASA 5505 User Manual

6-3

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 6 Starting Interface Configuration (ASA 5510 and Higher)

Information About Starting ASA 5510 and Higher Interface Configuration

Note

If you installed an IPS module, then the IPS module management interface(s) provides management
access for the IPS module only. For the ASA 5512-X through ASA 5555-X, the IPS SSP software
module uses the same physical Management 0/0 interface as the ASA.

Using Any Interface for Management-Only Traffic

You can use any interface as a dedicated management-only interface by configuring it for management
traffic, including an EtherChannel interface (see the management-only command).

Management Interface for Transparent Mode

In transparent firewall mode, in addition to the maximum allowed through-traffic interfaces, you can also
use the Management interface (either the physical interface, a subinterface (if supported for your model),
or an EtherChannel interface comprised of Management interfaces (if you have multiple Management
interfaces)) as a separate management interface. You cannot use any other interface types as management
interfaces.

If your model does not include a Management interface, you must manage the transparent firewall from
a data interface.

In multiple context mode, you cannot share any interfaces, including the Management interface, across
contexts. To provide management per context, you can create subinterfaces of the Management interface
and allocate a Management subinterface to each context. Note that the ASA 5512-X through ASA
5555-X do not allow subinterfaces on the Management interface, so for per-context management, you
must connect to a data interface.

ASA 5520

Yes

Yes

No

No

No

ASA 5540

Yes

Yes

No

No

No

ASA 5550

Yes

Yes

No

No

No

ASA 5580

Yes

Yes

Yes

No

No

ASA 5512-X

No

Yes

No

No

No

ASA 5515-X

No

Yes

No

No

No

ASA 5525-X

No

Yes

No

No

No

ASA 5545-X

No

Yes

No

No

No

ASA 5555-X

No

Yes

No

No

No

ASA 5585-X

Yes

Yes

Yes

Yes

3

Yes

3

1.

By default, the Management 0/0 interface is configured for management-only traffic (the management-only command). For supported models in routed
mode, you can remove the limitation and pass through traffic. If your model includes additional Management interfaces, you can use them for through
traffic as well. The Management interfaces might not be optimized for through-traffic, however.

2.

The Management 0/0 interface is configured for ASDM access as part of the default factory configuration. See the

“Factory Default Configurations”

section on page 2-10

for more information.

3.

If you installed an SSP in slot 1, then Management 1/0 and 1/1 provide management access to the SSP in slot 1 only.

Table 6-1

Management Interfaces Per Model

Model

Configurable for
Through Traffic

1

Management 0/0

2

Management 0/1

Management 1/0

Management 1/1