11-08-2022 03:52 AM
Hi All,
I've deployed an FMC-managed FTD at a remote office, where it's managed via the OUTSIDE interface.
Usually with an ASA it's possible to query SNMP on the INSIDE interface through the IPsec tunnel.
This doesn't seem possible with the FTD. ICMP doesn't work either via the IPsec tunnel to INSIDE.
Any solution to this issue?
Regards,
Michael
11-08-2022 08:10 PM
On ASA - If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec site-to-site, and the AnyConnect SSL VPN client.
management-access management_interface
The management_interface specifies the name of the management interface that you want to access when entering the ASA from another interface.
We can use the same command on FTD, which can be deployed via an FMC FlexConfig policy. An enhancement is already in place to introduce this in the FMC UI, https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz48122
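An added example, not from the thread or from Cisco: a small POSIX shell helper that prints the FlexConfig object body for the management-access command described above and then checks ICMP and SNMP reachability of the inside interface from a host behind the remote end of the tunnel. The interface name "inside", the inside address 192.0.2.1 (documentation range) and the community string "public" are placeholders; the script assumes Linux `ping` flags and net-snmp's `snmpget`.

```shell
#!/bin/sh
# Added example (not part of the original thread). Placeholder values:
#   nameif "inside", inside IP 192.0.2.1, SNMP community "public".

# Print the FlexConfig object body for the management-access command.
# Argument: the nameif of the interface to expose over the VPN.
# Rejects anything that is not a plain nameif token, so a pasted value
# cannot smuggle extra commands into the FlexConfig object.
flexconfig_management_access() {
    ifname="$1"
    case "$ifname" in
        ''|*[!A-Za-z0-9_-]*)
            echo "invalid nameif: '$ifname'" >&2
            return 1 ;;
    esac
    printf 'management-access %s\n' "$ifname"
}

# Check ICMP and SNMP (sysDescr.0) reachability of the inside interface
# across the tunnel. Returns 0 only when every check that ran succeeded.
verify_mgmt_access() {
    ip="$1"
    community="$2"
    rc=0
    if ping -c 2 -W 2 "$ip" >/dev/null 2>&1; then
        echo "ICMP to $ip: ok"
    else
        echo "ICMP to $ip: FAILED"
        rc=1
    fi
    if command -v snmpget >/dev/null 2>&1; then
        if snmpget -v2c -c "$community" -t 2 -r 1 "$ip" 1.3.6.1.2.1.1.1.0 >/dev/null 2>&1; then
            echo "SNMP sysDescr from $ip: ok"
        else
            echo "SNMP sysDescr from $ip: FAILED"
            rc=1
        fi
    else
        echo "snmpget not installed; skipping SNMP check"
    fi
    return $rc
}

# Usage: ./check_mgmt_access.sh <inside-ip> <community>
# Prints the FlexConfig line for "inside", then runs the checks.
if [ $# -ge 2 ]; then
    flexconfig_management_access inside
    verify_mgmt_access "$1" "$2"
fi
```

Run the checks once before deploying the FlexConfig object and once after; the first run documents the "no ICMP, no SNMP" state the question describes, the second should show both checks passing if the command was applied to the correct interface.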
11-09-2022 12:00 AM
Yes, this is exactly the option I'm missing on the FTD via FMC.
Just to make sure: setting this option will NOT change the interface through which the FMC manages the device?