Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4810
Views
10
Helpful
5
Replies

Firepower SNMP VPN

Go to solution
opengiltd
Level 1
Level 1

‎10-04-2019 02:43 AM - edited ‎02-21-2020 09:33 AM

i have recently deployed a site to site between a Firepower FTD and a ASA which is up and working but im unable to monitor the FTD using SNMP over the VPN. i have enabled access via the platform settings however it seems im only able to get stats if i use the external IP address of the firewall. This is not an option as it would be sending all SNMP traffic over the internet and not down the tunnel. I know in the traditional ASA config you would apply the management-access command which would make inbound VPN connections terminate on an interface of your choosing. I thought about trying to apply a flex config with the management-access statement but im unsure if this would work.

 

has anyone else been able to deploy SNMP successfully to an FTD without using the FMC or the outside VPN address? 

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-05-2019 08:00 AM

Hi,
I seem to recall having to use the "management-access" command with Flexconfig in a previous deployment, this worked ok. FYI, I also remember it would not work if you were using a BVI on the inside.

HTH

View solution in original post

5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎10-05-2019 08:00 AM

Hi,
I seem to recall having to use the "management-access" command with Flexconfig in a previous deployment, this worked ok. FYI, I also remember it would not work if you were using a BVI on the inside.

HTH

Go to solution
hoffa2000
Level 3
Level 3
In response to Rob Ingram

‎10-07-2019 12:29 AM

I'd like to second that statement. I have my monitoring centralized watching sites over VPN and adding management-access using FlexConfig allowed me to monitor the FTDs on one of the data interfaces behind the VPNs.

 

Regards

Fredrik

0 Helpful

Go to solution
czellers
Level 1
Level 1
In response to hoffa2000

‎01-07-2022 09:48 AM

What guide/docs did you leverage to build the flexconfig parameters?

0 Helpful

Go to solution
czellers
Level 1
Level 1
In response to Rob Ingram

‎01-07-2022 09:46 AM

Im not seeing this documented in any of the configuration guides, is there a link or doc that outlines this process/configuration or is a TAC case the only way?

0 Helpful

Go to solution
sskillin
Level 1
Level 1

‎04-17-2020 02:32 PM

Would you mind sharing the exact commands used in order to get SNMP working over a VPN tunnel?

Thanks!

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card