https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992653#M1107689 <P>Hi Friend&nbsp;<BR /><STRONG>ONE</STRONG> SW you connect two port to FPR&nbsp;<BR />each port have different IP<BR /><BR />this explain the issue&nbsp;<BR />the SW must have two vlan, one vlan for each FPR router port&nbsp;<BR />this I think what we missing here&nbsp;<BR />MHM</P> Tue, 09 Jan 2024 10:08:30 GMT MHM Cisco World 2024-01-09T10:08:30Z https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4991298#M1107630 <P>Hello everyone.<BR />This is a lab test using FDM 7.2.0-82 firmware on FPR 2110.<BR />The lab test environment was created like this.<BR />1. The 10.10.10.1/30 Routed interface named Inside.<BR />2. 10.111.111.2/30 Routed interface named rip-test-out.<BR />3. L3 (C9300) equipment was connected to the inside and rip-test-out interfaces.<BR />4. Internal/external C9300 devices and FDM have learned the routing table through the RIP routing protocol.<BR />5. In FDM, the ACL policy was set to any &lt;&gt; any Allowed.</P> <P>6.&nbsp;Some inspection-related matters have been removed using Flexconfig.</P> <P>The problem is that neither ping nor MSTSC communication between both PCs works.<BR />I will attach the configuration and packet capture contents.</P> <P>Why can't ping or mstsc connect between PCs? (*Of course, both PCs allow MSTSC and can be connected and used remotely. Since this is a work PC, all firewalls are turned off.)</P> <P>If you need more data to solve your problem, please let me know.<BR />Thanks.</P> Mon, 08 Jan 2024 01:00:19 GMT https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4991298#M1107630 SeokGeunChoi73564 2024-01-08T01:00:19Z https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4991596#M1107631 <P>are the ping test initiate from IN toward OUT ?<BR />if NO&nbsp;<BR />then you need other ACL&nbsp;<BR />OUT to IN permit traffic&nbsp;<BR />MHM</P> Mon, 08 Jan 2024 07:43:35 GMT https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4991596#M1107631 MHM Cisco World 2024-01-08T07:43:35Z https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992309#M1107679 <P>ping and mstsc test initiated from inside to rip-test-out.</P> <P>You can see this by looking at FDM Access control policies.png.</P> <P>Thanks.</P> Mon, 08 Jan 2024 23:36:53 GMT https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992309#M1107679 SeokGeunChoi73564 2024-01-08T23:36:53Z https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992332#M1107680 <P>add ACL OUT to IN and check&nbsp;<BR />MHM</P> Mon, 08 Jan 2024 23:48:34 GMT https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992332#M1107680 MHM Cisco World 2024-01-08T23:48:34Z https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992398#M1107682 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SeokGeunChoi73564_0-1704767517400.png" style="width: 635px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/206734iC11E3DB7E9EF63B9/image-dimensions/635x164?v=v2" width="635" height="164" role="button" title="SeokGeunChoi73564_0-1704767517400.png" alt="SeokGeunChoi73564_0-1704767517400.png" /></span></P> <P>Hi MHM,</P> <P>I added Out-to-in Allow ACL rule (no.2)</P> <P>Communicate still failed.</P> <P>&nbsp;</P> <P>+ No ACL rules hit..</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SeokGeunChoi73564_0-1704778107321.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/206741i9FA08FFE35CAD64F/image-size/medium?v=v2&amp;px=400" role="button" title="SeokGeunChoi73564_0-1704778107321.png" alt="SeokGeunChoi73564_0-1704778107321.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks.</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 09 Jan 2024 05:29:43 GMT https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992398#M1107682 SeokGeunChoi73564 2024-01-09T05:29:43Z https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992653#M1107689 <P>Hi Friend&nbsp;<BR /><STRONG>ONE</STRONG> SW you connect two port to FPR&nbsp;<BR />each port have different IP<BR /><BR />this explain the issue&nbsp;<BR />the SW must have two vlan, one vlan for each FPR router port&nbsp;<BR />this I think what we missing here&nbsp;<BR />MHM</P> Tue, 09 Jan 2024 10:08:30 GMT https://community.cisco.com/t5/network-security/communication-between-different-interfaces-does-not-work-in-fdm/m-p/4992653#M1107689 MHM Cisco World 2024-01-09T10:08:30Z