https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/3994233#M30811 <P>A couple of questions for you:</P> <P>1. Are you running ASA or FTD code on the 1010s?</P> <P>2. What is the version of ASA/FTD that you are running?</P> <P>3. Can you show us your DHCP configuration?</P> <P><EM>Thank you for rating helpful posts!</EM></P> Thu, 05 Dec 2019 17:02:06 GMT nspasov 2019-12-05T17:02:06Z https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/3993569#M30807 <P>Hi All,</P><P>&nbsp;</P><P>I have purchased a couple of these devices to replace the old ASA 5505's in remote sites.</P><P>The devices have been configured with FMC. The remote sites may only have 1 staff PC so that will plug directly into the inside interface on these firewalls.</P><P>&nbsp;</P><P>I have created an inside Interface with a static IPv4 address. IPV6 is not enabled on it.<BR />I have also not enabled DHCP on the interface.</P><P>&nbsp;</P><P>I have tested this with desktops and laptops. If I configure a static IP address on the machine and plug directly into the Interface, the interface comes up but my machines tells me that the IP address is a duplicate address and I cannot ping the IP address of the Firewall.<BR />There is nothing else plugged in here. Just one machine connected to one interface on the Firewall and the management interface connected to a switch to connect to the FMC for management. I have even unplugged the management interface and same thing.</P><P>&nbsp;</P><P>Connection-specific DNS Suffix . :<BR />Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller<BR />Physical Address. . . . . . . . . : 58-8A-5A-30-71-2D<BR />DHCP Enabled. . . . . . . . . . . : No<BR />Autoconfiguration Enabled . . . . : Yes<BR />Link-local IPv6 Address . . . . . : fe80::bd99:cb71:b767:901c%22(Preferred)<BR />IPv4 Address. . . . . . . . . . . : 10.52.37.230(Duplicate)<BR />Subnet Mask . . . . . . . . . . . : 255.255.255.0<BR />Autoconfiguration IPv4 Address. . : 169.254.81.230(Tentative)<BR />Subnet Mask . . . . . . . . . . . : 255.255.0.0<BR />Default Gateway . . . . . . . . . : 10.52.37.254<BR />DHCPv6 IAID . . . . . . . . . . . : 123243098<BR />DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-0B-1B-51-58-8A-5A-30-71-2D<BR />DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1<BR />fec0:0:0:ffff::2%1<BR />fec0:0:0:ffff::3%1<BR />NetBIOS over Tcpip. . . . . . . . : Enabled</P><P><BR />If I configure DHCP on this interface it just cycles through the range of addresses and my machine never settles on an IP address and can never ping the firewall.</P><P>I have tested multiple machines to rule out a machine.<BR />I also have an old ASA 5505 and tested the machines with that and it works without any issues</P><P>It seems to me to be an FTD issue but I cannot work out what could possibly cause this?<BR /><BR /></P><P>I am hoping someone has come across this on the 1010's?</P><P>&nbsp;</P><P>Thanks</P><P>Gary</P> Wed, 04 Dec 2019 17:11:56 GMT https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/3993569#M30807 garybrophy 2019-12-04T17:11:56Z https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/3994233#M30811 <P>A couple of questions for you:</P> <P>1. Are you running ASA or FTD code on the 1010s?</P> <P>2. What is the version of ASA/FTD that you are running?</P> <P>3. Can you show us your DHCP configuration?</P> <P><EM>Thank you for rating helpful posts!</EM></P> Thu, 05 Dec 2019 17:02:06 GMT https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/3994233#M30811 nspasov 2019-12-05T17:02:06Z https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/3994274#M30812 <P>Hi nspasov</P><P>1) running the FTD code</P><P>2) Version is 6.4.0</P><P>3) I would actually prefer not to use DHCP - was just testing it as assigning a static IP address was not working.</P><P>&nbsp;</P><P>I connected there and went into system support diagnostic cli and did a show run (attached - with omitted&nbsp;customer&nbsp;info)</P><P>&nbsp;</P><P>1 PC with a static IP address - connected to the inside interface and it tells me its a duplicate address.</P><P>Nothing else connected.</P><P>Thanks</P><P>Gary</P> Thu, 05 Dec 2019 17:37:36 GMT https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/3994274#M30812 garybrophy 2019-12-05T17:37:36Z https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/4119549#M1072080 <P>Ran in to this problem also, where every single IP assigned to any device&nbsp;(static or DHCP) says it was a duplicate address. Turns out my internal interfaces was replying to all IP ARP request basically saying yes it was in use. The fix for this turned out to be in my NAT rules. I had configured <U>Static NAT rules</U> to forward ports from my outside IP to my inside devices, these NAT rule by default have<SPAN>&nbsp;proxy ARP on Destination Interface enabled. </SPAN></P><P><SPAN>In FMC go into your individual NAT rules click on the Advanced Tab and check the box next to&nbsp;Do not proxy ARP on Destination Interface. Now your firewall will quit replying to every request to see if that IP is in use some place.</SPAN></P><P>&nbsp;</P><P><SPAN>Hope this helps someone.</SPAN></P> Thu, 16 Jul 2020 01:41:56 GMT https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/4119549#M1072080 ChadT 2020-07-16T01:41:56Z https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/4423679#M1081770 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1075236">@ChadT</a>&nbsp;</P><P>Appreciate your answer a lot. It solved my issue.</P> Fri, 25 Jun 2021 08:50:51 GMT https://community.cisco.com/t5/network-security/cisco-ftd-1010-ip-duplicate-issue-managed-by-fmc/m-p/4423679#M1081770 PeymanSarayeli22142 2021-06-25T08:50:51Z