Cisco ASA5506-X Threat Defense 6.2.0 - PPTP and SNMP

kevinkarnebeek · ‎06-20-2017

Hi guys,

We just started using a ASA5506-X with FTD 6.2.0 installed, running in a lab environment, but the intention of moving to production. We have all the connectivity needs up and running, but i am finding the GUI to be very limited in possibilities compared to ASDM..

We have several PPTP vpn connections that have to made for remote support, but outbound PPTP is not working. When trying to change the policy-map global_policy, i dont have the option to add inspect PPTP. What do we have to do to get this working?

Another thing i am missing, is SNMP monitoring. I have been through the GUI and CLI but cannot find any option to allow SNMP monitoring on any interface.

Thoughts?

Marvin Rhoads · ‎06-21-2017

The FirePOWER Device Manager (FDM) on-box management is limited by design. Cisco positions it for the use case of simple basic setup. For enterprises or advanced users they recommend FirePOWER Management Center (FMC).

FMC allows you do create FlexConfigs which can be deployed to the FTD device to manage elements of the configuration (specifically the legacy ASA code, also known as Lina) that aren't exposed directly in the GUI yet. You can change protocol inspection policies that way.

SNMP monitoring can be set from the FMC GUI under Devices > Platform Settings as shown below:

Tanasis Yankov · ‎06-22-2017

SNMP is not a issue PPTP does't seems to be working in any nat configuration more that this its not matched by security policies as its matching default tunnel policy any ideas ?

Marvin Rhoads · ‎06-23-2017

Were you able to create and deploy a FlexConfig to inspect pptp?