About ASDM Connections Through FPR1120-ASA-K9 AnyConnect

Translator · ‎06-12-2024

Could you tell me about the subject matter?

Recently, we replaced the equipment from ASA5516-X to FPR1120-ASA-K9.

In the previous ASA5516-X, the connection was ASDM to the IP (192.168.1.1) of the inside interface in the VPN connection state with AnyConnect. However, in the FRP1120-ASA-K9 after the replacement, the ASDM connection from the AnyConnect connection to the inside interface is not possible, and the ASDM connection is made to the Management interface (192.168.2.1) through the internal L3 switch I am doing.

I want to enable ASDM connection to the Inside interface in FRP1120-ASA-K9 as well as ASA5516-X, but is it possible in the specification?

Thank you for your understanding.

Translator · ‎06-12-2024

Good evening.

It is not a direct answer, but I think the following site will be useful.

https://community.cisco.com/t5/tkb-%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3-%E3%83%89%E3%82%AD%E3%83%A5%E3%83%A1%E3%83%B3%E3%83%88/management-access-%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%97%E3%81%9F-vpn-%E7%B5%8C%E7%94%B1%E3%81%A7%E3%81%AE-...

https://www.cisco.com/c/ja_jp/support/docs/security/adaptive-security-device-manager/118092-configure-asa-00.html

https://www.wiresandwi.fi/blog/cisco-asa-manage-asa-with-ssh-and-asdm-over-remote-access-vpn-checklist

Also, as it is fine to the extent that it can be disclosed, I think that it will be easier to get answers from experts if you put the content of show run.

MHM Cisco World · ‎06-13-2024

the Mgmt routing is separate from the data routing in FTD
what I see is mgmt interface have GW toward L3SW and L3SW and hence the traffic flow is
Anyconnect-FTD(OUT)data routing -FTD(IN)-L3SW-FTD(mgmt)
that correct there is no problem.

MHM