+John Teacake MVC Posted October 4, 2013 MVC Share Posted October 4, 2013 Hi All, Does anyone have any experience with Cisco ASA? Is this correct that anything from the management network is not allowed through to say the internet. If my PC was part of the management sub-net I would only be able to access the internet from my PC through a proxy? To make it worse there is only an ACL on been able to manage the devices from said subnet? .... Thanks Link to comment Share on other sites More sharing options...
nabz0r Veteran Posted October 4, 2013 Veteran Share Posted October 4, 2013 Hi All, Does anyone have any experience with Cisco ASA? Yes. Is this correct that anything from the management network is not allowed through to say the internet. No that is not correct. If my PC was part of the management sub-net I would only be able to access the internet from my PC through a proxy? No, you can access the internet without going through proxy. Now tell us a little more what you want to achieve so that we can help you more. :) Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted October 6, 2013 Author MVC Share Posted October 6, 2013 OK So I will try explain it. We have a new Cisco ASA. This was what the Cisco Guys told us by the way. So we have a management interface, On that management interface it has an ACL (I think) that only allows a certain subnet to connect to it. Fine. We tied it down to our Network Ops Center subnet so only those guys can connect to it. They told us that anyone on this certain subnet can connect but as it connects to the management interface if we were doing that we would need to use a proxy on our PC's to connect to the internet as any traffic is seen from will be going via the management interface and that isnt allowed out to the internet. I find this strange. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted October 6, 2013 Author MVC Share Posted October 6, 2013 The way they explained it was, That they see traffic from our PC comming in on the Management Interface. Which is restricted not to be allowed out if this makes sense. I am confused with this. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted October 6, 2013 Veteran Share Posted October 6, 2013 There is an acl or different weight of that management network that would deny access to other networks. A lower weighted network will not be able to access a higher weighted network. Link to comment Share on other sites More sharing options...
nabz0r Veteran Posted October 7, 2013 Veteran Share Posted October 7, 2013 Ok, I am a little configused honestly.. IF you want to connect to management network you can give access to any vlan/subnet to connect to that interface.. this shouldn't be any problem as you your Ops subnet is already connected to it. Now if your management network has a route to the internet and other network doesn't it couldn't be a problem you can even have another route for other subnet allowing them to access the internet. If i am not mistaking you can even have your other subnets to connect to the internet via managemnet interface but that is not an easy task. (I haven't done that before though but I read in Cisco that it is possible again I am not sure 100%) You still didn't say what it is that you are trying to do? Do you want to access the internet through management interface or you are just trying to do some labs/tests just for fun? Link to comment Share on other sites More sharing options...
Recommended Posts