Thanks for the quick response! I appreciate it. The https:// is only working when I'm connected to SSM managment port. I am not planning to connect anything to that port (or must I?). I've read the following concerning another module, the CSC SSM:
"The management port of the CSC SSM must be connected to your network to allow management of and automatic updates to the CSC SSM software. Additionally, the CSC SSM uses the management port for email notifications and syslogging."
Is this the same for AIP-SSM? (it's not mentioned in the manual)
In my situation, the AIP-SSM has IP address 10.2.0.201/24 and 10.1.1.0/24 has access for it. But the ASA has defined 10.2.0.201 as outside while 10.2.0.0/24 is actually defined inside (on the ASA). The log states:
"Teardown TCP connection 1494 for outside:10.1.1.150/59990 to outside:10.2.0.201/443 duration 0:00:00 bytes 0 Flow is a loopback"
10.2.0.0/24 is defined on ASA Ethernet0/1 (nameif inside), but - as mentioned above - I do not want to physically connect AIP-SSM with that network (I would need to purchase a switch, just to manage AIP-SSM). I just want to manage the AIP-SSM over a Site-to-Site VPN (10.1.1.0/24). I cannot find any information on this.
Either way you want to manage it(asdm integrated or idm), you will need to connect the management port of the aip-ssm to the network. When you upgrade the code to 6.0 and try to connect, the idm will not be able to connect if the management port is not on the network. Any time I set it up, I will connect the aip-ssm to a switchport and place that switchport in a management vlan. That way you can filter all the traffic that you do not want to enter that vlan.
If you want to manage your AIP remotly using the IDM you will need to have the managment interface connected to the network so that it can be reached by ip. IF you don't want to do it like that then you can connect remotly to the ASA and then log in into the AIP but using the CLI only.
Hmm.. for one my customer i had deployed the ASA with the CSC-SSM module. From outside i was able to log into the ASDM and manage the asa, but since the CSC module has a internal Private ip address, i dont get to manage the CSC SSM from the asdm. I then connected the CSC SSM to the public ip and tried accessing it and still not able to do so.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :