07-30-2024 03:46 PM
Hello everyone, we are using Firepower 2100 with AnyConnect VPN. It's a full tunnel configuration. I am trying to enable FDM access over the VPN on the outside interface. I have added the outside interface under data interfaces in the management access section, and I am using a custom port, which is 10443. I can ping the outside interface IP while connected to the VPN, but I cannot reach FDM. I just did a packet capture, and I can see packets on the outside interface. When I trace one packet, I can see "dropped by ACL" as the drop reason. I have an ACL to allow from the VPN IP pool to the outside interface on port 10443. Is there anything else I need to check or anything I have missed? I appreciate any comments. Thanks.
07-30-2024 04:00 PM
FDM is local, not remote management like FMC.
So you cannot use VPN for that.
MHM
07-30-2024 04:03 PM
Hi, currently we are using FDM on the management port. We are going to use the outside interface instead of the management interface.
07-30-2024 04:08 PM
As I know,
Mgmt interface can be used for
FDM and FMC
Mgmt and data interface can be used for
FMC ONLY
So sorry, you can't.
Maybe others have a different idea here, but I am 90% sure FDM does not work remotely.
MHM
07-30-2024 04:11 PM
Not possible to use management on outside and RA VPN at the same time:
Configuration of FTD through FDM poses difficulties when you attempt to establish connections for AnyConnect clients through the external interface while management is accessed through the same interface. This is a known limitation of FDM. Enhancement request Cisco bug ID CSCvm76499 has been filed for this issue.
**Please rate as helpful if this was useful**