https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4768823#M1097495 <P>Hi&nbsp;</P><P>&nbsp;</P><P>Have same problem , how did you fix it ?&nbsp;</P><P>&nbsp;</P><P>thanks</P><P>&nbsp;</P> Sun, 05 Feb 2023 08:08:59 GMT Justinwong19918 2023-02-05T08:08:59Z https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183621#M1075750 <P>Hi,</P><P>I am working with a Cisco Firepower 2130 6.6.1</P><P>I have created several vlans and their subinterfaces.</P><P>I have configured an etherchannel to a switch but I have no connectivity between vlans, I only have ping if an interface is directly connected.</P><P>Someone who can tell me how to configure connectivity between vlans?</P> Fri, 13 Nov 2020 18:41:17 GMT https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183621#M1075750 Cconchap 2020-11-13T18:41:17Z https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183631#M1075751 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/409326">@Cconchap</a>&nbsp;</P> <P>You need to explicitly permit the intervlan traffic in the ACP, what rules do you have in place? Please provide a screenshot.</P> <P>&nbsp;</P> <P>How are you testing? Are you pinging the FTD's interfaces? If so you can only ping the interface you are connected to. You cannot ping through the FTD to it's far interface, this is denied by design.</P> <P>&nbsp;</P> <P>HTH</P> Fri, 13 Nov 2020 18:57:49 GMT https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183631#M1075751 Rob Ingram 2020-11-13T18:57:49Z https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183642#M1075752 <P>&nbsp;</P><P>I leave a picture of the configured subinterfaces in my portchannel on the Firepower.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="subs.PNG" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/88504i205CCF19141A107C/image-size/medium?v=v2&amp;px=400" role="button" title="subs.PNG" alt="subs.PNG" /></span></P><P>I am trying to ping these addresses from a switch, but only one of them responds since it is the management one and it is directly connected.</P><P>As for allowing the traffic in ACP I don't have it, I am somewhat disoriented with that since it is my first time working with Firepower, any idea how I should do it?</P><P>&nbsp;</P><P>&nbsp;</P><P>regards.</P><P>&nbsp;</P> Fri, 13 Nov 2020 19:15:39 GMT https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183642#M1075752 Cconchap 2020-11-13T19:15:39Z https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183664#M1075754 <P>Right, that's to be expected. If for example you are connect to interface 20.211 and attempting to ping 20.212 FTD interface IP address, that won't work and it's not possible to override - by design.</P> <P>&nbsp;</P> <P>You can ping "through" the FTD, but you cannot ping "to" one of the FTD's far interfaces. Test connectivity by pinging "through" the FTD, from one vlan to a device on another vlan, but don't ping the FTD's interface. To ping "through" the FTD you will need the ACP rules configured to permit the traffic.</P> Fri, 13 Nov 2020 20:15:31 GMT https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4183664#M1075754 Rob Ingram 2020-11-13T20:15:31Z https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4185461#M1075934 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;</P><P>&nbsp;</P><P>This is the topology of my network, the Firepower 2130 are new equipment that is being added.</P><P>I am trying to make the connection from the firepower to the equipment that is seen in the upper part, but I have no connectivity.</P><P>Could you help me by indicating how I should do it? I don't have much experience with Firewalls and I'm quite complicated.</P><P>Towards the bottom I have a portchannel configured through which users must reach the existing services at the top through the Firewall.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="network nwe.jpg" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/88778i765F68651313FE76/image-size/large?v=v2&amp;px=999" role="button" title="network nwe.jpg" alt="network nwe.jpg" /></span></P><P>&nbsp;</P> Wed, 18 Nov 2020 19:15:23 GMT https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4185461#M1075934 Cconchap 2020-11-18T19:15:23Z https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4768823#M1097495 <P>Hi&nbsp;</P><P>&nbsp;</P><P>Have same problem , how did you fix it ?&nbsp;</P><P>&nbsp;</P><P>thanks</P><P>&nbsp;</P> Sun, 05 Feb 2023 08:08:59 GMT https://community.cisco.com/t5/network-security/firepower-vlan-communication/m-p/4768823#M1097495 Justinwong19918 2023-02-05T08:08:59Z