06-18-2022 09:43 AM
Hello
I have a problem managing the devices of two sites. I have my FMC installed on the main site with a management network of 172.16.30.0/28. The FMC has an address in this network, as do the IPS module and the management interfaces of the ASAs. My IPS modules are registered on the FMC correctly. However, I have ASA 5525-Xs on another site and I want the same FMC to manage them. The two sites are connected by VPN. I want to create a management network on this site for the IPS and the management interfaces of the ASAs. Can the registration be successful since this equipment is on a remote network and is connected to the headquarters by VPN?
06-19-2022 03:09 AM - edited 06-19-2022 03:32 AM
FMC is on 172.16.30.0/28, and on the other remote side the ASA 5525-X SFR (Firepower sensor) is on a different subnet. Your requirement is to add the SFR IP address so it can register to FMC. You mentioned you already have a site-to-site VPN established between the two. All you need here is to put the FMC IP address and SFR address in the crypto map (plus the NAT exemption rule) on the HQ site and the remote site. Vice versa, on the remote side put the crypto map for the addresses of SFR and FMC in the tunnel. This will resolve the issue and you will be able to register your SFR module to FMC.
FMC-HQ
! Identity NAT (NAT exemption); assumes "object network FMC" and "object network SFR" are already defined with the respective host addresses
nat (inside,outside) source static FMC FMC destination static SFR SFR no-proxy-arp route-lookup
Remote-Site
! Mirror image of the HQ rule; same FMC and SFR network objects assumed on this ASA
nat (any,outside) source static SFR SFR destination static FMC FMC no-proxy-arp route-lookup
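As an added worked example (not from the original answer), here is the pair of ASA configurations that the answer describes end to end: the network objects, the interesting-traffic ACL that feeds the crypto map entry, and the NAT exemption on each side. The FMC subnet is the one from the question; the remote management subnet 172.16.31.0/28, the peer addresses 203.0.113.1/203.0.113.2, the crypto map name OUTSIDE-MAP and the proposal name AES256-SHA are constructed placeholders, and the existing tunnel-group/pre-shared key from the already-working VPN is assumed to stay in place.

```cisco
! ---------- HQ ASA (FMC lives on inside, 172.16.30.0/28 from the question) ----------
object network FMC-MGMT
 subnet 172.16.30.0 255.255.255.240
! constructed: remote-site management subnet for the SFR module and ASA management interfaces
object network SFR-MGMT
 subnet 172.16.31.0 255.255.255.240
!
! Interesting traffic for the tunnel: FMC management subnet <-> remote management subnet
access-list VPN-HQ-TO-REMOTE extended permit ip object FMC-MGMT object SFR-MGMT
!
! NAT exemption (identity NAT) so management traffic enters the tunnel untranslated
nat (inside,outside) source static FMC-MGMT FMC-MGMT destination static SFR-MGMT SFR-MGMT no-proxy-arp route-lookup
!
! Crypto map entry; the peer address and proposal name are constructed placeholders
crypto map OUTSIDE-MAP 10 match address VPN-HQ-TO-REMOTE
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
! Checks: confirm an IPsec SA exists for the new proxy identities, then trace
! the sftunnel registration port (TCP 8305) from a FMC host to a remote sensor host
! show crypto ipsec sa peer 203.0.113.2
! packet-tracer input inside tcp 172.16.30.5 12345 172.16.31.5 8305

! ---------- Remote-site ASA (mirror image) ----------
object network FMC-MGMT
 subnet 172.16.30.0 255.255.255.240
object network SFR-MGMT
 subnet 172.16.31.0 255.255.255.240
!
access-list VPN-REMOTE-TO-HQ extended permit ip object SFR-MGMT object FMC-MGMT
!
! "any" as the real interface so the SFR management traffic is exempted whichever interface it enters on
nat (any,outside) source static SFR-MGMT SFR-MGMT destination static FMC-MGMT FMC-MGMT no-proxy-arp route-lookup
!
crypto map OUTSIDE-MAP 10 match address VPN-REMOTE-TO-HQ
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal AES256-SHA
crypto map OUTSIDE-MAP interface outside
```

The two access lists must be exact mirrors of each other, otherwise the proxy identities will not match during the IPsec negotiation and only one direction of management traffic will be encrypted.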
06-18-2022 05:59 PM
06-19-2022 02:47 AM
Hi
I have the VPN already set up, but my problem is that the FMC is in a different network from the IPS. Is it possible to add the sensor?