ngkin2010
Enthusiast

Failed to remote manage the IPS module on ASA with FirePOWER by ASDM

I am deploying the ASA to a remote site, and I encountered an issue with remote management.

 

I have followed the Cisco document to set up a cable connecting the mgmt interface, and assigned 10.0.0.2/24 with gateway address 10.0.0.1 to the FirePOWER IPS module.

 

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/200889-Using-ASDM-to-manage-a-FirePOWER-module.html#anc5

 

 


 

 

So, if the administrator is on the 10.0.0.0/24 (inside) network (on the same subnet as the IPS module), ASDM can successfully connect to the FirePOWER IPS (10.0.0.2:443) without any problem.

 

However, I want the FirePOWER IPS to also be accessible from inside2 (192.168.0.0/24), but it failed. ASDM said it cannot reach 10.0.0.2:443.

 

I have tried the packet-tracer command to see what happens. It turns out the firewall policy passed and routing passed, but the last action was: DROP - no valid adjacency.

 

Is it possible to manage the FirePOWER module when not on the same subnet?

 

==== Configuration reference ====

 

interface GigabitEthernet1/6
 nameif inside2
 security-level 50
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet1/7
 nameif inside
 security-level 50
 ip address 10.0.0.1 255.255.255.0
!
! Allow communication between 2 security zones with the same security-level
same-security-traffic permit inter-interface

! Access-list
access-list inside_in extended permit ip any any
access-group inside_in in interface inside

access-list inside2_in extended permit ip any any
access-group inside2_in in interface inside2

 

 
