Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1217
Views
100
Helpful
9
Replies

Cisco Firepower Device Manager (FDM) Management over Site to Site VPN

Amoret
Level 1
Level 1

‎02-28-2022 12:37 PM

I have a Site to Site VPN setup from an ASA 5510 (ASA Code) to an ASA 1010 (Without FMC); we are using the FDM GUI to manage this. The Site to Site VPN is working fine!

I'm trying to open the HTTPS FDM GUI over the site-to-site VPN.

ASA5510 192.168.24.0/22

ASA1010 10.0.64.0/24

On the LAN of the 10.0.64.0/24 network, we can access the FDM GUI (10.0.64.1).

On the LAN of the 192.168.24.0/22 network, we can not access the FDM GUI (https://10.0.64.1), we also can't ping 10.0.64.1 over the site to site

9 Replies 9

Amoret
Level 1
Level 1

‎02-28-2022 01:00 PM

I created a FlexConfig Template - "management-access inside" and Negate Template "no management-access inside" and now I can ping the inside interface, that's 50% of what I am trying to do but I can not access the FDM GUI over the Site-To-Site VPN? 

Rob Ingram
VIP
VIP
In response to Amoret

‎02-28-2022 01:01 PM

@Amoret did you change the management access to permit the connection from the source network?

Amoret
Level 1
Level 1
In response to Rob Ingram

‎02-28-2022 01:21 PM

Yes, well i think so. lol. 2022-02-28_14-20-55.jpg

Rob Ingram
VIP
VIP
In response to Amoret

‎02-28-2022 01:35 PM

@Amoret the inside interface is a data interface, that screenshot is of the management interface.

Amoret
Level 1
Level 1
In response to Rob Ingram

‎02-28-2022 01:50 PM

I'm starting to hate the FDM, the ASA was so much easier but I am forcing myself to learn this! Saying that are you referring to the "Data Interfaces"? If so I have tried adding it here. I added the 192.168.24.0 network to the inside and for kicks, I added it to the outside also.. still not working  

 

2022-02-28_14-49-46.jpg

Rob Ingram
VIP
VIP
In response to Amoret

‎02-28-2022 01:55 PM

@Amoretdid you deploy the policy? The orange dot indicates you need to deploy some changes.

Amoret
Level 1
Level 1
In response to Rob Ingram

‎02-28-2022 01:58 PM

Yes, it's deployed. I have added it and removed it a few times, I added it back for the screenshot then deployed it. I can ping the inside interface now but can not access https://10.0.64.1 over the site-to-site. 

Amoret
Level 1
Level 1
In response to Rob Ingram

‎02-28-2022 03:30 PM

No more comments? 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card