Solved: Re: Firepower SNMP VPN

opengiltd · ‎10-04-2019

i have recently deployed a site to site between a Firepower FTD and a ASA which is up and working but im unable to monitor the FTD using SNMP over the VPN. i have enabled access via the platform settings however it seems im only able to get stats if i use the external IP address of the firewall. This is not an option as it would be sending all SNMP traffic over the internet and not down the tunnel. I know in the traditional ASA config you would apply the management-access command which would make inbound VPN connections terminate on an interface of your choosing. I thought about trying to apply a flex config with the management-access statement but im unsure if this would work.

has anyone else been able to deploy SNMP successfully to an FTD without using the FMC or the outside VPN address?

Rob Ingram · ‎10-05-2019

Hi,
I seem to recall having to use the "management-access" command with Flexconfig in a previous deployment, this worked ok. FYI, I also remember it would not work if you were using a BVI on the inside.

HTH

View solution in original post

Rob Ingram · ‎10-05-2019

Hi,
I seem to recall having to use the "management-access" command with Flexconfig in a previous deployment, this worked ok. FYI, I also remember it would not work if you were using a BVI on the inside.

HTH

hoffa2000 · ‎10-07-2019

I'd like to second that statement. I have my monitoring centralized watching sites over VPN and adding management-access using FlexConfig allowed me to monitor the FTDs on one of the data interfaces behind the VPNs.

Regards

Fredrik

czellers · ‎01-07-2022

What guide/docs did you leverage to build the flexconfig parameters?

czellers · ‎01-07-2022

Im not seeing this documented in any of the configuration guides, is there a link or doc that outlines this process/configuration or is a TAC case the only way?

sskillin · ‎04-17-2020

Would you mind sharing the exact commands used in order to get SNMP working over a VPN tunnel?

Thanks!