05-20-2017 07:24 AM - edited 03-12-2019 02:23 AM
I have an ASA 5508 FTD which I want to manage via a centralized Firepower Management Center server. My problem is that the 5508 will be used to set up the VPN back to the central office. So, how do I set up the s2s VPN on the remote 5508 so that it can be managed via the centralized FMC?
Thanks.
05-22-2017 10:19 PM
Can you not manage it via the outside interface (which is not in the crypto domain)?
05-22-2017 11:51 PM
You can do that, but it would require having a public IP address for the FMC and allowing inbound traffic on tcp/8305 (the proprietary port which carries the sftunnel via ssl transport).
There was a Cisco presentation on how to do what the OP asked (using a site-to-site VPN tunnel where the tunnel terminates on the new appliance at one end). I will see if I can find it.
08-10-2017 01:08 PM
I have a client with a similar issue, any update on the slide deck?
08-14-2017 12:14 AM
I found it but it doesn't have the exact use case the OP was asking about.
I believe there's a gap in the currently available best practices guidance for remote FTD deployment. I will mention it to my Cisco contacts.