Solved: Ok. Thanks for clearing that

cmlozano8 · ‎09-04-2015

Hey Guys,

Here is what I am trying to do. I have multiple 5506s deployed with firepower. If I connect through asdm using the public interface of the firewall it cannot communicate with the firepower module. However if I vpn in using anyconnect and connect to asdm using the public interface it can communicate with the firepower module. My anyconnect is using a split tunnel too btw so I am not sure why this matters from the firewalls perspective.

inside interface on asa is 192.168.4.1

sfr module is 192.168.4.2 gateway 192.168.4.1

I am attempting this without any layer 3 switches behind the firewall. Can this be done?

Chris

Karsten Iwen · ‎09-04-2015

The ASDM on your PC sets up two connections. One to the ASA and one to the FirePower-module. Without the VPN, you can reach the public IP of the ASA, but the (internal) IP of the SFR module is not reachable. With the VPN, ASDM can reach the IP of the module and you can start managing it.

View solution in original post

Karsten Iwen · ‎09-04-2015

The ASDM on your PC sets up two connections. One to the ASA and one to the FirePower-module. Without the VPN, you can reach the public IP of the ASA, but the (internal) IP of the SFR module is not reachable. With the VPN, ASDM can reach the IP of the module and you can start managing it.

cmlozano8 · ‎09-04-2015

Ok. Thanks for clearing that up. Makes sense. Not quite as convenient as I want but I can deal with it.

Issue Managing Firepower module on 5506