FTDv Initial Configuration Issue (ICMP Fails)

fersherls22
Level 1

Hello Cisco Community

 

I have an issue with the initial configuration on an FTDv (FDM). Pretty much the issue is that I cannot seem to receive the traffic on the FTDv when I try to reach any public addresses. A little bit about the setup:

4 interfaces (Inside, Outside, MGMT and Diagnostic)

From the FTDv directly I can ping Google (8.8.8.8) without issues.

From the subnets on AWS I can ping all interfaces of the FTDv, but not Google or any public subnet.

I did a packet tracer test simulating any of the servers I have on AWS and traffic is allowed correctly.

However, I never see the attempts reaching the FTD when I ping Google or any public IP if I do it from the servers on the AWS VPC.

In the VPC my next hop for 0.0.0.0/0 is the Inside interface NIC of the FTDv.

PS: I do see the traffic of the servers when I ping the interfaces of the FTDv, since those are working fine, but not when I ping anything public.

Seems like an issue between the FTDv and the AWS VPC.

Hoping somebody has some insight on it.

4 Replies

takiadeen
Level 1
Hi,
I am not sure about AWS, but have you checked on AWS if there are any interface settings that need to be set, like a promiscuous setting, ARP, etc.?
Have you performed packet captures on ASP drops to see if the traffic arrives but is dropped on the FTD?
I assume, since the FTD receives traffic destined to itself but not to any other destination, that there is either a routing issue from AWS to the FTD for these destinations, or an interface on AWS is dropping them due to a configuration or checkbox setting.

Hey Takiadeen,

I did set up a capture on the FTDv Inside; that's where I see the successful ICMP to the inside and outside interfaces, but when ICMP is done to 8.8.8.8 I never see it in the capture. Not sure if the FTDv can drop that traffic at another layer, but it seems to me it doesn't even reach the FTDv initially, because with a packet tracer that traffic to 8.8.8.8 should be successful.

My default route on the AWS server is the inside interface NIC; routing to the servers is fine since I can ping the servers from the FTDv also.

Best Regards!

Hi Fersherls22,
I don't know, but I have a feeling reading the guide for setup; it asks for: "When configuring traffic interfaces in AWS, you must disable the 'Change Source/Dest. Check' option".
I haven't set up FTD on AWS yet, but I think this might be the issue with not seeing traffic reaching the interface.

Kind Regards
Taqi Al-shamiri

That actually was the issue. I changed that option for the interfaces on the FTDv and it worked!

Thank you so much!
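The fix above (disabling Source/Dest Check on the FTDv's traffic ENIs) is easy to miss on the next deployment, so here is an added audit script that is not from the thread or from Cisco: it parses the JSON that `aws ec2 describe-network-interfaces` returns for the FTDv instance, flags the Inside/Outside ENIs that still have `SourceDestCheck` enabled, and prints the matching `modify-network-interface-attribute --no-source-dest-check` command for each. The ENI ids, instance id and `Name` tags in the sample are constructed, and identifying traffic interfaces by their `Name` tag is an assumption about your naming convention.

```python
import json

# Constructed sample, trimmed to the fields we need, in the shape returned by
#   aws ec2 describe-network-interfaces --filters Name=attachment.instance-id,Values=<ftdv-instance-id>
# All ids and tag values below are made up for this example.
SAMPLE_ENIS = json.dumps({
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa0001", "SourceDestCheck": True,
         "Attachment": {"InstanceId": "i-0ftdv0001", "DeviceIndex": 0},
         "TagSet": [{"Key": "Name", "Value": "ftdv-mgmt"}]},
        {"NetworkInterfaceId": "eni-0aaa0002", "SourceDestCheck": True,
         "Attachment": {"InstanceId": "i-0ftdv0001", "DeviceIndex": 1},
         "TagSet": [{"Key": "Name", "Value": "ftdv-diag"}]},
        {"NetworkInterfaceId": "eni-0aaa0003", "SourceDestCheck": True,
         "Attachment": {"InstanceId": "i-0ftdv0001", "DeviceIndex": 2},
         "TagSet": [{"Key": "Name", "Value": "ftdv-inside"}]},
        {"NetworkInterfaceId": "eni-0aaa0004", "SourceDestCheck": False,
         "Attachment": {"InstanceId": "i-0ftdv0001", "DeviceIndex": 3},
         "TagSet": [{"Key": "Name", "Value": "ftdv-outside"}]},
    ]
})

# Assumption: traffic (data) interfaces carry these words in their Name tag.
# Management and diagnostic ENIs only source/sink their own packets, so the
# check can stay enabled there; the forwarding interfaces must have it off.
TRAFFIC_ROLES = ("inside", "outside")


def eni_name(eni):
    return next((t["Value"] for t in eni.get("TagSet", []) if t["Key"] == "Name"), "")


def is_traffic_interface(eni):
    name = eni_name(eni).lower()
    return any(role in name for role in TRAFFIC_ROLES)


def find_misconfigured(describe_json):
    """Return ids of traffic ENIs on which SourceDestCheck is still enabled."""
    enis = json.loads(describe_json)["NetworkInterfaces"]
    return [e["NetworkInterfaceId"] for e in enis
            if is_traffic_interface(e) and e.get("SourceDestCheck", True)]


def remediation_commands(eni_ids):
    """One AWS CLI command per ENI that needs the check disabled."""
    return [f"aws ec2 modify-network-interface-attribute "
            f"--network-interface-id {i} --no-source-dest-check" for i in eni_ids]


if __name__ == "__main__":
    for cmd in remediation_commands(find_misconfigured(SAMPLE_ENIS)):
        print(cmd)
```

Replace `SAMPLE_ENIS` with the real CLI output to audit a live deployment; the printed commands can be reviewed before being run.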