Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
493
Views
6
Helpful
9
Replies

Manage FDM over VPN

Otvforte
Level 1
Level 1

‎09-01-2025 10:16 AM

Hello!

I can successfully connect to the VPN using Remote Access and access all hosts in the 192.168.100.x subnet.

Now I'm trying to manage the FDM remotely. After connecting to the VPN, I attempt to access the FDM's data interface IP (192.168.100.1), which is the same IP I use for local management — but it doesn't work.

Here’s what I’ve tried so far:

  • Disabled split tunneling
  • Created a NAT exemption
  • Allow any on Managment Access / Data Interface / Allowed Network

As mentioned, I can reach other IPs within the same subnet as the FDM interface IP.

Is this expected behavior? Is remote management of FDM over VPN restricted by default?

Thanks in advance!

0 Helpful
9 Replies 9

MHM Cisco World
VIP
VIP

‎09-01-2025 10:28 AM

Is this expected behavior? Is remote management of FDM over VPN restricted by default?

Yes you can not use fdm over vpn

MHM

Otvforte
Level 1
Level 1
In response to MHM Cisco World

‎09-01-2025 10:34 AM

I see, even a ping to FDM interfaces over VPN seems to be blocked with no reason, but I couldn't find official informations about this. 

What are the options ? connect to a remote client first (like a jump server) and manage FDM from that ?

0 Helpful

MHM Cisco World
VIP
VIP
In response to Otvforte

‎09-01-2025 10:36 AM

You need to use fmc 

MHM

balaji.bandi
Hall of Fame
Hall of Fame

‎09-01-2025 10:37 AM

Check this wish list and alternative option for you to manage FDM making Jump box.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm76499

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Otvforte
Level 1
Level 1

‎09-01-2025 10:56 AM

Thank you all. Just for the record, TAC advised me to use the Data Interface for management, but that didn’t work either.

a. Open Device > System Settings > Management Access.
b. On the “Data Interfaces” tab click “+”.
- Interface – pick the interface that is reachable after the VPN comes up (inside, DMZ, etc.).
- Protocols – HTTPS and/or SSH.
- Allowed Networks – add the AnyConnect VPN address pool or a network-object that contains it.

Regards

MHM Cisco World
VIP
VIP
In response to Otvforte

‎09-01-2025 11:07 AM

this one of workaround 
I dont try and dont recommend 

why cisco workaround not work ? can I know the FTD ver. Screenshot (1032).png

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎09-01-2025 11:11 AM

Forward my workaround to cisco TAC team let check it.

MHM

Otvforte
Level 1
Level 1
In response to MHM Cisco World

‎09-01-2025 11:40 AM

Thank you, I'm probably going for a jump server solution.

why cisco workaround not work ? not sure, I can't even ping the FTD interfaces when inside VPN.

Strange that other hosts on the same subnet are fine. Its seems a blocked feature.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Otvforte

‎09-01-2025 11:49 AM

Can I see TAC suggestion' complete.

For ping by defualt ASA or FTD can not accept ping from one interface to other' 

I.e. PC connect to outside and you need to ping inside asa/ftd will drop this traffic

From here idea of looping traffic' traffic go from inside to router and enter to mgmt interface.

Keep notice that mgmt rib is isolate from data rib

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card