topic Re: Cisco FTD ping VRF in Network Security

Cisco FTD ping VRF

D Le Wando — Tue, 06 Feb 2024 15:27:48 GMT

Hi,

pinging a VRF interface is not possible on FTD. Is this a feature?

Pinging from VRF to somewhere works, but if you try to ping a VRF from outside, it's dropped by "implicit rule"?

Phase: 5 Type: ACCESS-LIST Subtype: Result: DROP Elapsed time: 122 ns Config: Implicit Rule Additional Information: Drop-reason: (acl-drop) Flow is denied by configured rule, Drop-location: frame 0x0000xxxxxxx

So this is a bit annoying if you want to troubleshoot ... any idea? Is there a way to enable "allow pinging vrf"?

Re: Cisco FTD ping VRF

Aref Alsouqi — Tue, 06 Feb 2024 15:49:52 GMT

Are you trying to ping one of the FTD interfaces from another segment connected to another interface? if so, that won't work as none of the FTDs or ASAs allows this by design. Essentially, if you try to ping the outside interface from the inside network, or for instance from the inside segment to the DMZ interface, the ping will fail regardless of VRF.

Re: Cisco FTD ping VRF

D Le Wando — Tue, 06 Feb 2024 15:53:28 GMT

thats what I feared.
Thx for your fast reply