07-10-2023 07:16 AM
Hi All,
Wanted to know if there is any software/hardware to reach the internal network (DC devices) when the AnyConnect VPN is down/not reachable.
(Bypassing the VPN so that we can connect for troubleshooting purposes.)
07-10-2023 07:21 AM
As VPN or as mgmt?
07-10-2023 07:23 AM
Mainly for mgmt purposes. So that we can get access to the devices with connecting VPN.
07-10-2023 07:24 AM
So SSH is not optional here?
07-10-2023 07:27 AM
SSH would be helpful. But without VPN connected we would not be able to SSH into the devices. We wanted to change that when VPN is down so that we can log in to them.
07-10-2023 07:33 AM
You can, what you only need is NATing in ASA.
SW private IP -> NATing ASA port 22 -> public IP
When you are not connected via VPN, you can use the public IP of the ASA on port 22 to access the SW private IP.
07-10-2023 07:36 AM
Sorry forgot to mention, we have FTDs managed by FMC.
We would also like to get access to other devices like routers and switches in DC not just Firewall.
07-10-2023 07:39 AM
router1 private IP port 22 -> NATing -> public IP port 1022
router2 private IP port 22 -> NATing -> public IP port 2022
... etc.
Each one has its own port for access.
07-10-2023 07:42 AM
Thank you. But my public IP keeps changing, right, and also we need to make changes on FMC (not in FTD CLI), is what TAC informed.
07-10-2023 07:46 AM
Public IP keeps changing, then you need VPN.
AnyConnect: no.
Then the last option, as far as I know, is using FlexVPN remote access.