Enable FMD management on outside interface via anyconnect VPN

dil2 · ‎07-30-2024

Hello everyone, we are using firepower 2100 with anyconnect VPN. its a full tunnel configuration. I am trying to enable FDM access over the VPN on outside interface. i have added outside interface under data interface in management access section. and using custom port which is 10443. I can ping to outside interface IP while connected to VPN. but can not reach FDM. just did a packet capture, I can see packets on outside interface. when I trace one packet, i could see dropped by ACL as the drop reason. i am having an ACL to allow from VPN iP pool to outside interface on port 10443.anything else i need checking or anyting I have missed. I appreciate any comments. thanks.

MHM Cisco World · ‎07-30-2024

Fdm is local not remote mgmt like fmc

So you can not use vpn for that.

MHM

dil2 · ‎07-30-2024

hi currently we are using FDM on management port. we are going to use outside interface instead of management interface.

MHM Cisco World · ‎07-30-2024

As I know

Mgmt interface can use for

Fmd and fmc

Mgmt and data interface can use for

Fmc ONLY

So sorry you can't.

Maybe other have different idea here' but I am 90% sure fdm not work remotely.

MHM

ccieexpert · ‎07-30-2024

not possible to use mangement on outside and RA VPN at the same time:

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215532-configure-remote-access-vpn-on-ftd-manag.html

Configuration of FTD through FDM poses difficulties when you attempt to establish connections for AnyConnect clients through the external interface while management is accessed through the same interface. This is a known limitation of FDM. Enhancement request Cisco bug ID CSCvm76499 has been filed for this issue.

**Please rate as helpful if this was useful**