01-06-2017 06:05 AM - edited 03-12-2019 06:14 AM
I have some 5508X HA setups in PoCs, and I recently realized that I can't manage the standby device via ASDM, through an active IPSEC tunnel.
That's an ASA classic issue, but it is a challenge for my ability to manually (huh) synchronize the Firepower configs between active/standby devices.
Is there a way to import/export configs in CLI on Firepower @ ASA5508X?
I know that the Firepower sync. wouldn't be a problem, if I bought the FMC.
01-06-2017 07:32 AM
No you cannot do that - from cli or ASDM.
The ability to do so is one of the several reasons I always recommend customers with even two ASAs purchase the FMC.
01-15-2017 09:13 AM
OK, for the configuration synchronization I need FMC.
But.., my setup is still ASA HA remote units, and I'm unable to manage the standby device via the IPSEC tunnel from HQ. So would FMC be I think?
Do you know how the standby unit can be managed behind an IPSEC on the active box?
BR
Thomas
01-15-2017 10:04 PM
Both the Primary and Standby units in an ASA HA pair with FirePOWER service modules are managed by FirePOWER Management Center via bidirectional communications over tcp/8305 to the modules' unique IP addresses that are bound to the ASA physical management interfaces.
As long as the gateway defined in your modules has connectivity back to the remote FMC, the IPSec security association (SA) includes the modules' management subnet, and tcp/8305 is allowed via the tunnel, then remote management should work fine. If there is NATting going on, then a few other considerations need to be done during the module registration process.
Note that you do need to register and license each FirePOWER service module separately. The FMC has no knowledge that the parent ASAs are in an HA pair. Generally I define a group (in FMC device management) and put both modules in it.
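The coverage condition from the answer above can be checked offline against the crypto ACL. This is an added example, not part of the original thread: the ACL name, subnets and FMC address are constructed, and the parser only understands `permit|deny ip|tcp` entries with network/mask, `host` or `any` addresses and an optional destination `eq` port.

```python
import ipaddress

FMC_PORT = 8305  # management channel port named in the answer above

# Constructed sample: user LAN is in the tunnel, module management subnet is not.
CRYPTO_ACL = [
    "access-list HQ-VPN extended permit ip 10.20.1.0 255.255.255.0 10.0.0.0 255.255.0.0",
]
MODULES = {"primary-sfr": "10.20.99.11", "standby-sfr": "10.20.99.12"}  # constructed
FMC_IP = "10.0.5.10"  # constructed

def _take_addr(tokens):
    """Consume one ASA address spec and return (network, remaining tokens)."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION ip|tcp SRC DST [eq PORT]'."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended":
        return None
    if t[4] not in ("ip", "tcp"):
        return None
    src, rest = _take_addr(t[5:])
    dst, rest = _take_addr(rest)
    port = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
    return t[3], src, dst, port

def covered(acl_lines, module_ip, fmc_ip):
    """First-match evaluation: does the ACL select module -> FMC tcp/8305?"""
    m, f = ipaddress.ip_address(module_ip), ipaddress.ip_address(fmc_ip)
    for line in acl_lines:
        ace = parse_ace(line)
        if ace is None:
            continue
        action, src, dst, port = ace
        if m in src and f in dst and port in (None, FMC_PORT):
            return action == "permit"
    return False  # implicit deny: the traffic is outside the SA

def report(acl_lines):
    """Map each module name to whether its management traffic is in the SA."""
    return {name: covered(acl_lines, ip, FMC_IP) for name, ip in MODULES.items()}

if __name__ == "__main__":
    print(report(CRYPTO_ACL))
```

Both modules are checked separately because, as the answer notes, each one registers with the FMC from its own management address.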