topic Re: Manage FDM over VPN in Network Security

Manage FDM over VPN

Otvforte — Mon, 01 Sep 2025 17:16:10 GMT

Hello!

I can successfully connect to the VPN using Remote Access and access all hosts in the 192.168.100.x subnet.

Now I'm trying to manage the FDM remotely. After connecting to the VPN, I attempt to access the FDM's data interface IP (192.168.100.1), which is the same IP I use for local management — but it doesn't work.

Here’s what I’ve tried so far:

Disabled split tunneling
Created a NAT exemption
Allow any on Managment Access / Data Interface / Allowed Network

As mentioned, I can reach other IPs within the same subnet as the FDM interface IP.

Is this expected behavior? Is remote management of FDM over VPN restricted by default?

Thanks in advance!

Re: Manage FDM over VPN

MHM Cisco World — Mon, 01 Sep 2025 17:28:00 GMT

Is this expected behavior? Is remote management of FDM over VPN restricted by default?

Yes you can not use fdm over vpn

MHM

Re: Manage FDM over VPN

Otvforte — Mon, 01 Sep 2025 17:34:11 GMT

I see, even a ping to FDM interfaces over VPN seems to be blocked with no reason, but I couldn't find official informations about this.

What are the options ? connect to a remote client first (like a jump server) and manage FDM from that ?

Re: Manage FDM over VPN

MHM Cisco World — Mon, 01 Sep 2025 17:36:55 GMT

You need to use fmc

MHM

Re: Manage FDM over VPN

balaji.bandi — Mon, 01 Sep 2025 17:37:13 GMT

Check this wish list and alternative option for you to manage FDM making Jump box.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm76499

Re: Manage FDM over VPN

Otvforte — Mon, 01 Sep 2025 17:56:36 GMT

Thank you all. Just for the record, TAC advised me to use the Data Interface for management, but that didn’t work either.

a. Open Device > System Settings > Management Access.
b. On the “Data Interfaces” tab click “+”.
- Interface – pick the interface that is reachable after the VPN comes up (inside, DMZ, etc.).
- Protocols – HTTPS and/or SSH.
- Allowed Networks – add the AnyConnect VPN address pool or a network-object that contains it.

Regards

Re: Manage FDM over VPN

MHM Cisco World — Mon, 01 Sep 2025 18:07:17 GMT

this one of workaround
I dont try and dont recommend

why cisco workaround not work ? can I know the FTD ver.

Re: Manage FDM over VPN

MHM Cisco World — Mon, 01 Sep 2025 18:11:07 GMT

Forward my workaround to cisco TAC team let check it.

MHM

Re: Manage FDM over VPN

Otvforte — Mon, 01 Sep 2025 18:40:44 GMT

Thank you, I'm probably going for a jump server solution.

why cisco workaround not work ? not sure, I can't even ping the FTD interfaces when inside VPN.

Strange that other hosts on the same subnet are fine. Its seems a blocked feature.

Re: Manage FDM over VPN

MHM Cisco World — Mon, 01 Sep 2025 18:49:39 GMT

Can I see TAC suggestion' complete.

For ping by defualt ASA or FTD can not accept ping from one interface to other'

I.e. PC connect to outside and you need to ping inside asa/ftd will drop this traffic

From here idea of looping traffic' traffic go from inside to router and enter to mgmt interface.

Keep notice that mgmt rib is isolate from data rib

MHM