Cisco ASA 5505 Configuration Manual page 234
Asa 5500 series
Hide thumbs
Also See for ASA 5505:
- Getting started manual (168 pages) ,
- Administrator's manual (118 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Licensing Requirements for Interfaces
•
•
Dual IP Stack
The adaptive security appliance supports the configuration of both IPv6 and IPv4 on an interface. You
do not need to enter any special commands to do so; simply enter the IPv4 configuration commands and
IPv6 configuration commands as you normally would. Make sure you configure a default route for both
IPv4 and IPv6.
Management Interface (ASA 5510 and Higher)
The management interface is a Fast Ethernet interface designed for management traffic only. You can,
however, use it for through traffic if desired. In transparent firewall mode, you can use the management
interface (for management purposes) in addition to the two interfaces allowed for through traffic. You
can also add subinterfaces to the management interface to provide management in each security context
for multiple context mode.
In transparent firewall mode, the management interface updates the MAC address table in the same
Note
manner as a data interface; therefore you should not connect both a management and a data interface to
the same switch unless you configure one of the switch ports as a routed port (by default Cisco Catalyst
switches share a MAC address for all VLAN switch ports). Otherwise, if traffic arrives on the
management interface from the physically-connected switch, then the adaptive security appliance
updates the MAC address table to use the management interface to access the switch, instead of the data
interface. This action causes a temporary traffic interruption; the adaptive security appliance will not
re-update the MAC address table for packets from the switch to the data interface for at least 30 seconds
for security reasons.
Licensing Requirements for Interfaces
The following table shows the licensing requirements for VLANs:
Cisco ASA 5500 Series Configuration Guide using ASDM
8-6
NAT control—When you enable NAT control, you must configure NAT for hosts on a higher security
interface (inside) when they access hosts on a lower security interface (outside).
Without NAT control, or for same security interfaces, you can choose to use NAT between any
interface, or you can choose not to use NAT. Keep in mind that configuring NAT for an outside
interface might require a special keyword.
established command—This command allows return connections from a lower security host to a
higher security host if there is already an established connection from the higher level host to the
lower level host.
If you enable communication for same security interfaces, you can configure established commands
for both directions.
Chapter 8
Configuring Interfaces
OL-20339-01
- Quick Links:
- Starting Asdm
- Downloading the Asdm Launcher
Hide quick links:
Advertisement
Chapters
Table of Contents
