06-12-2019 05:05 PM - edited 02-21-2020 09:12 AM
Hi,
I have rule 23 that allows all private IP addresses (the IPv4 RFC1918 group object) to use ICMP and TCP port 49 for TACACS+ to a specific IP (let's say 10.10.10.31). This rule does not seem to work, as I get the result below from a packet tracer on the FMC. It seems like the private IPs don't get allowed by rule 23 and continue down until they hit the default deny statement at the end. What could I be missing, or what could be causing this?
Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: DROP
Config:
access-group CSM_FW_ACL_ global
access-list CSM_FW_ACL_ advanced deny ip any any rule-id 268434438 event-log flow-start
access-list CSM_FW_ACL_ remark rule-id 268434438: ACCESS POLICY: NAP10-Access-Policy - Default
access-list CSM_FW_ACL_ remark rule-id 268434438: L4 RULE: Default Policy
Additional Information:
06-14-2019 09:14 AM
NSFD_TCP is the name Firepower has when you search TCP port 49. Before that I used just the manual port 49. With the help of TAC I fixed the issue. It was asymmetric routing. Traffic was coming to the target device bypassing the Firepower, and then the target device would send traffic back through the Firepower. Because the Firepower didn't see the requests coming in, it was dropping the return traffic.
06-13-2019 07:17 AM
Can you share the ACP rule that you intend to catch the traffic?
06-13-2019 09:59 AM
06-13-2019 10:51 PM
The destination ports in your ACP rule are the object "NSFD_TCP". Only traffic matching the ports in that service-group will be caught by that rule.
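The accepted answer explains the drop as asymmetric routing: the request reached 10.10.10.31 without passing the Firepower, so the firewall never built a flow, and the reply was evaluated as a first packet against the ACL, where rule 23 (RFC1918 sources to 10.10.10.31 on ICMP or TCP/49) does not match a packet sourced from port 49, leaving the default deny. The model below is an added example written for this thread, not Cisco's code or the actual Firepower pipeline; the rule definition and the client address 192.168.1.10 are constructed to mirror the question, and the flow table is a deliberately simplified stand-in for a stateful firewall.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for the thread's rule 23: RFC1918 sources may send
# ICMP and TCP/49 (TACACS+) to the host 10.10.10.31 named in the question.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TACACS_HOST = ipaddress.ip_address("10.10.10.31")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "icmp"
    sport: int = 0   # 0 for ICMP
    dport: int = 0


def rule_23_permits(p: Packet) -> bool:
    """Rule 23 as described in the question: private source, destination
    10.10.10.31, protocol ICMP or TCP with destination port 49."""
    src = ipaddress.ip_address(p.src)
    if not any(src in net for net in RFC1918):
        return False
    if ipaddress.ip_address(p.dst) != TACACS_HOST:
        return False
    return p.proto == "icmp" or (p.proto == "tcp" and p.dport == 49)


class StatefulFirewall:
    """Simplified stateful firewall (assumption, not Firepower's real pipeline):
    the ACL decides only the first packet of a flow; later packets in either
    direction are matched against the flow table and never re-hit the ACL."""

    def __init__(self):
        self.flows = set()

    @staticmethod
    def _flow_key(p: Packet):
        # Direction-independent key so the reply matches the flow the request created.
        return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def process(self, p: Packet) -> str:
        key = self._flow_key(p)
        if key in self.flows:
            return "ALLOW (existing flow)"
        if rule_23_permits(p):
            self.flows.add(key)
            return "ALLOW (rule 23, flow created)"
        # Falls through every explicit rule, as in the packet-tracer output.
        return "DROP (default deny: no flow and rule 23 not matched)"


CLIENT = "192.168.1.10"   # constructed RFC1918 client
SYN = Packet(CLIENT, "10.10.10.31", "tcp", sport=40000, dport=49)
SYN_ACK = Packet("10.10.10.31", CLIENT, "tcp", sport=49, dport=40000)


def symmetric_path() -> list:
    """Both directions traverse the firewall: request builds the flow, reply rides it."""
    fw = StatefulFirewall()
    return [fw.process(SYN), fw.process(SYN_ACK)]


def asymmetric_path() -> list:
    """Request bypassed the firewall; only the reply is seen, so it is judged
    as a first packet. Its destination port is the client's ephemeral port,
    not 49, so rule 23 does not match and the default deny applies."""
    fw = StatefulFirewall()
    return [fw.process(SYN_ACK)]


if __name__ == "__main__":
    print("symmetric :", symmetric_path())
    print("asymmetric:", asymmetric_path())
```

Running the two scenarios side by side makes the point of the thread concrete: the ACL is not wrong, but a stateful firewall can only allow return traffic for flows it saw begin, so the fix belongs in the routing (or in a TCP state bypass for that traffic), not in rule 23.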