How do I manage a remote ASA FTD box using a centralized FMC?

Matt McFarlane
Level 1

I have an ASA 5508 FTD which I want to manage via a centralized Firepower Management Center server. My problem is that the 5508 will be used to set up the VPN back to the central office. So, how do I set up the s2s VPN on the remote 5508 so that it can be managed via a centralized FMC?

Thanks.

4 Replies

Philip D'Ath
VIP Alumni

Can you not manage it via the outside interface (which is not in the crypto domain)?

You can do that, but it would require having a public IP address for the FMC and allowing inbound traffic on tcp/8305 (the proprietary port which carries the sftunnel via ssl transport).

There was a Cisco presentation on how to do what the OP asked (using a site-to-site VPN tunnel where the tunnel terminates on the new appliance at one end). I will see if I can find it.

I have a client with a similar issue, any update on the slide deck?

I found it but it doesn't have the exact use case the OP was asking about.

I believe there's a gap in the currently available best practices guidance for remote FTD deployment. I will mention it to my Cisco contacts.
