https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4927308#M1104459 <P>Hi Milos, sorry I meant I could connect to the Linux box and from the Linux box, I still can't connect to the FTD with its private IP on the mgmt subnet... I have updated my original post to have more clear wording. Sorry about the confusion... Thanks for your response.</P> Thu, 21 Sep 2023 15:25:05 GMT Difan Zhao 2023-09-21T15:25:05Z https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4926916#M1104442 <P>I followed this YouTube video to create the instance.&nbsp;<A href="https://www.youtube.com/watch?v=_WfqPZWgM0c&amp;t=1212s" target="_blank" rel="noopener">https://www.youtube.com/watch?v=_WfqPZWgM0c&amp;t=1212s</A></P><P>I pre-created four interfaces. The mgmt and diag interfaces are in the mgmt subnet that has a default route to IGW. The inside and outside interfaces are in their respective subnets. The mgmt and outside interface have the elastic IP assigned. The SG is wide open for both inbound and outbound.</P><P>The AMI image is&nbsp;<SPAN>ftdv-7.3.0-69-ENA-ad0af76e-c569-4a81-84d0-cff2308179ef or FTD with BYOL</SPAN></P><P>Is there a specific sequence requirement for attaching the interfaces to the instance? I went by mgmt, diag, inside and outside.</P><P>I created another Linux in the same mgmt subnet with an elastic IP. I can connect to the Linux box. From it, I still can't ping or ssh to the mgmt interface with its private IP...</P><P>What did I do wrong?&nbsp;</P><P>Thanks!</P><P>Difan</P> Thu, 21 Sep 2023 15:23:58 GMT https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4926916#M1104442 Difan Zhao 2023-09-21T15:23:58Z https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4926969#M1104443 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/322596">@Difan Zhao</a>,</P> <P>If you can connect to management interface from same subnet but not from different one, I would assume your routing is not ok. Check what is your next hop, and what route table is attached to that network.</P> <P>Kind regards,</P> <P>Milos</P> Thu, 21 Sep 2023 07:08:34 GMT https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4926969#M1104443 Milos_Jovanovic 2023-09-21T07:08:34Z https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4927308#M1104459 <P>Hi Milos, sorry I meant I could connect to the Linux box and from the Linux box, I still can't connect to the FTD with its private IP on the mgmt subnet... I have updated my original post to have more clear wording. Sorry about the confusion... Thanks for your response.</P> Thu, 21 Sep 2023 15:25:05 GMT https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4927308#M1104459 Difan Zhao 2023-09-21T15:25:05Z https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4927378#M1104460 <P>Ok so I found out that AWS can do a "EC2 serial console" connection to it. Once I got in, I landed in the &gt; prompt. Then I ran the "configure network ipv4 manual 10.1.1.4 255.255.255.240 10.1.1.1" command and now it works.. I didn't do a "show network" beforehand so I don't know whether it had the IP before.&nbsp;</P> Thu, 21 Sep 2023 17:19:33 GMT https://community.cisco.com/t5/network-security/deploy-ftdv-in-aws-not-reachable/m-p/4927378#M1104460 Difan Zhao 2023-09-21T17:19:33Z