Hi All

Can someone explain to me the difference between the System IP and Management 
IP address when configuring an ASA as a transparent firewall?

I can't see why the firewall would need a System IP address configured with the 
global command below

TRANFW(config)# ip address global_ip_add subnet_mask

when the firewall already has a Management IP address configured with the 
command below

TRANFW(config)# interface Management0/0
TRANFW(config-if)#  nameif MGMT
TRANFW(config-if)#  security-level 100
TRANFW(config-if)#  ip address mgmt_ip_add subnet_mask

The management IP defined on Management0/0 allows me to SSH to the device via 
the management network, so why is there a need for a global IP address which, 
when configured, is applied to both interfaces paired for transparent 
firewalling, as shown below?

TRANFW(config)# sh int ip brief
Interface             IP-Address      OK? Method Status                Protocol
Ethernet0/0           global_ip_add   YES unset  up                    up
Ethernet0/1           global_ip_add   YES unset  up                    up
Ethernet0/2           unassigned      YES unset  administratively down up
Ethernet0/3           unassigned      YES unset  administratively down up
Management0/0         mgmt_ip_add     YES manual up                    up

Any information on why both these are required would be appreciated as the 
firewall will not pass traffic until it is defined with a Global IP address.

Thanks
Simon


                                          