Hello,

I have two sites linked by a VPN between ASA 5525-X firewalls. In site A we have a management network (172.16.30.0/28) that holds the management IP of the ASA 5525-X (172.16.30.14) and of the IPS (172.16.30.13). The IPS has as its default gateway the VLAN interface IP of the backbone switch (172.16.30.1). I have the Firepower Management Center in the same management network with IP 172.16.30.10, and the IPS in site A is registered correctly with the FMC.

In the remote site B I have the same architecture. The management IP of the ASA is in the management network (172.16.8.0/26). The IPS module of the ASA has an IP in the same management network, and the gateway of the IPS is the IP of the VLAN interface on the backbone switch.

My objective is to register the IPS module that sits in the management network of site B with the FMC in the management network of site A. I added the two management networks to the crypto map. I added routing and ACLs. I authorized ping between the two subnets, but I noticed that the ASA always drops the traffic with a teardown for SYN timeout.

I think my problem is linked to the fact that the management interface does not play by the same rules as the other interfaces on the firewall. In fact, it seems that by default the management interface does not pass or receive traffic from any other interface on the device because of the "management-only" setting. On each backbone I have a default route that routes all VLANs to the inside interface of the ASA. I would like to route all traffic to the management network through the L3 switch on the inside, but the ASA sees the management network as directly connected via the management interface.
I would like the traffic to take the following path:
FMC > L3 Switch > ASA Inside > VPN <---------> VPN > L3 Switch > IPS
Help please
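The routing change the post is asking about, written out as an added configuration example for the site-B ASA; this is not the poster's configuration and not vendor documentation. The two management subnets come from the post. The inside transit subnet 10.1.1.0/24, the L3 switch address 10.1.1.2, the interface name "outside", the crypto map name OUTSIDE_MAP, the object and ACL names, and the module address 172.16.8.13 are assumptions for illustration only.

```text
! Added example (site-B ASA). Site A needs the mirror image with
! 172.16.30.0/28 as the local subnet and 172.16.8.0/26 as the remote one.
! Assumed values: inside transit 10.1.1.0/24, L3 switch 10.1.1.2,
! outside interface "outside", crypto map OUTSIDE_MAP, module IP 172.16.8.13.
!
! 1. Stop the ASA from treating 172.16.8.0/26 as directly connected on the
!    management-only port. The port itself stays up because the IPS module's
!    management port is bridged to this physical interface.
interface Management0/0
 management-only
 nameif management
 security-level 100
 no ip address
 no shutdown
!
! 2. Reach the management subnet through the L3 backbone switch on the inside.
route inside 172.16.8.0 255.255.255.192 10.1.1.2 1
!
! 3. Name both management networks once and reuse the objects below.
object network SITEB-MGMT
 subnet 172.16.8.0 255.255.255.192
object network SITEA-MGMT
 subnet 172.16.30.0 255.255.255.240
!
! 4. Identity NAT so the VPN traffic keeps its real addresses in both directions.
nat (inside,outside) source static SITEB-MGMT SITEB-MGMT destination static SITEA-MGMT SITEA-MGMT no-proxy-arp route-lookup
!
! 5. Interesting traffic for the crypto map: management subnet to management subnet.
access-list VPN-SITEA extended permit ip object SITEB-MGMT object SITEA-MGMT
crypto map OUTSIDE_MAP 10 match address VPN-SITEA
!
! 6. Check the forward path as the ASA sees it. The FMC-to-device management
!    channel (sftunnel) is TCP 8305. The ROUTE-LOOKUP phase should now pick
!    "inside" and the VPN phase should hit the crypto map rather than a DROP.
packet-tracer input inside tcp 172.16.8.13 1025 172.16.30.10 8305
```

The point of step 1 is that as long as the ASA has an address in the management subnet on Management0/0, the connected route wins over any static route and return traffic for that subnet is sent toward the management-only interface, which never forwards to or from the data interfaces; that is what shows up as a SYN timeout teardown. Removing the address leaves the IPS module's own management address and gateway untouched, because the module's management port only shares the physical link with the ASA. The same change is needed on the site-A ASA so that FMC traffic also enters via the L3 switch and the inside interface rather than being seen as connected on management.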