cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
288
Views
0
Helpful
4
Replies
fersherls22
Beginner

FTDv Initial Configuration Issue (ICMP Fails)

Hello Cisco Community

 

I have an issue with the initial configuration on a FTDv FDM, pretty much the issue is that I cannot seem to receive the traffic on the FTDv when I try to reach any Public addresses , a little bit about the setup

 

4 Interfaces (Inside, Outside, MGMT and Diagnostic)

 

From the FTDv directly I can ping google(8.8.8.8) without issues

 

From the subnets on AWS I can ping all interfaces of the FTDv, but not to google or any public subnet.

 

I did a packet tracer test simulating any of the servers I have on AWS and traffic is allowed correctly.

 

However I never see the attempts reaching the FTD when I ping google or any public IP if I do it from the servers on the AWS VPC.

 

In the VPC my next hop for 0.0.0.0/0 is the Inside Interface NIC of the FTDv

 

PD: I do see the traffic of the servers when I ping the interfaces of the FTDv since those are working fine. but not when I ping anything Public.

 

Seems like an issue between the FTDv and AWS Vpc

 

Hoping somebody has some insight on it

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Fersherls22,
I don't know but I have a feeling reading the guide for setup, it asks for "When configuring traffic interfaces in AWS, you must disable the "Change Source/Dest. Check" option".
I haven't setup FTD on AWS yet but I think this might be the issue not seeing traffic reaching the interface.

[cid:image001.png@01D8245D.F087CDE0]

Kind Regards
Taqi Al-shamiri

View solution in original post

4 REPLIES 4
takiadeen
Beginner

Hi,
I am not sure about AWS but have you checked on AWS if there is any interface settings need to be set like promiscuous setting, ARP etc.
Have you performed packet captures on asp drops to see if the traffic arrive but dropped on the FTD.
I assume since the FTD receive traffic distend to itself but not to any other destination then I would believe there is either routing issue from aws to FTD for these destinations or an interface on AWS is dropping them due to configuration or checkbox setting.

Hey Takiadeen 

 

I did setup a capture on the FTDv Inside, thats where I see the Successful ICMP to the inside and outside interfaces, but when ICMP done to 8.8.8.8 I never see it in the capture not sure if the FTDv can drop that traffic at another layer? but seems to me it doesnt even reach it to the FTDv Initially, because with a packet tracer that traffic to 8.8.8.8 should be succesful.

my default route on the AWS server is the inside interface NIC routing to the servers is fine since I can ping the servers from the FTDv also.

 

Best Regards!

Hi Fersherls22,
I don't know but I have a feeling reading the guide for setup, it asks for "When configuring traffic interfaces in AWS, you must disable the "Change Source/Dest. Check" option".
I haven't setup FTD on AWS yet but I think this might be the issue not seeing traffic reaching the interface.

[cid:image001.png@01D8245D.F087CDE0]

Kind Regards
Taqi Al-shamiri

That actually was the issue I checked that option for the interfaces on the FTDv and it worked!

 

Thank you soo much!

Create
Recognize Your Peers
Content for Community-Ad