cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5779
Views
10
Helpful
5
Replies

Firepower SNMP VPN

opengiltd
Level 1
Level 1

i have recently deployed a site to site between a Firepower FTD and a ASA which is up and working but im unable to monitor the FTD using SNMP over the VPN. i have enabled access via the platform settings however it seems im only able to get stats if i use the external IP address of the firewall. This is not an option as it would be sending all SNMP traffic over the internet and not down the tunnel. I know in the traditional ASA config you would apply the management-access command which would make inbound VPN connections terminate on an interface of your choosing. I thought about trying to apply a flex config with the management-access statement but im unsure if this would work.

 

has anyone else been able to deploy SNMP successfully to an FTD without using the FMC or the outside VPN address? 

 

 

1 Accepted Solution

Accepted Solutions

Hi,
I seem to recall having to use the "management-access" command with Flexconfig in a previous deployment, this worked ok. FYI, I also remember it would not work if you were using a BVI on the inside.

HTH

View solution in original post

5 Replies 5

Hi,
I seem to recall having to use the "management-access" command with Flexconfig in a previous deployment, this worked ok. FYI, I also remember it would not work if you were using a BVI on the inside.

HTH

I'd like to second that statement. I have my monitoring centralized watching sites over VPN and adding management-access using FlexConfig allowed me to monitor the FTDs on one of the data interfaces behind the VPNs.

 

Regards

Fredrik

What guide/docs did you leverage to build the flexconfig parameters?

Im not seeing this documented in any of the configuration guides, is there a link or doc that outlines this process/configuration or is a TAC case the only way?

sskillin
Level 1
Level 1

Would you mind sharing the exact commands used in order to get SNMP working over a VPN tunnel?

Thanks!

 

Review Cisco Networking for a $25 gift card