Firepower 4100 ACP rule not working?

Larry Sullivan
Level 3

Hi,


I have rule 23 that allows all private IP addresses (IPv4 RFC1918 group object) to use ICMP and TCP port 49 for TACACS+ to a specific IP (let's say 10.10.10.31). This rule seems not to work, as I get the below result from a packet tracer on the FMC. It seems like the private IPs don't get allowed by rule 23 and continue down until they hit the default deny statement at the end. What could I be missing, or what could be causing this?


Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: DROP
Config:
access-group CSM_FW_ACL_ global
access-list CSM_FW_ACL_ advanced deny ip any any rule-id 268434438 event-log flow-start
access-list CSM_FW_ACL_ remark rule-id 268434438: ACCESS POLICY: NAP10-Access-Policy - Default
access-list CSM_FW_ACL_ remark rule-id 268434438: L4 RULE: Default Policy
Additional Information:

1 Accepted Solution

Accepted Solutions

NSFD_TCP is the name Firepower has when you search TCP port 49. Before that I used just the manual port 49. With the help of TAC I fixed the issue. It was asymmetric routing. Traffic was coming to the target device bypassing the Firepower, and then the target device would send traffic back through the Firepower. Because Firepower didn't see the requests coming in, it was dropping the return traffic.

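The accepted answer explains the packet-tracer result: a stateful firewall only lets return traffic through if it saw the request that opened the connection. When the request bypasses the firewall, the reply arrives with no connection entry, is evaluated as a brand-new flow against the ACL, and, because its source is 10.10.10.31 and its destination port is an ephemeral client port rather than 49, it never matches rule 23 and falls to the default deny. The following is an added toy model of that behaviour written for this thread; it is not Cisco code and not Firepower's own packet-tracer logic. The ACL mirrors the rule described in the question (RFC1918 sources to 10.10.10.31 on TCP/49 and ICMP, then a default deny); the client address, ephemeral port and connection-table semantics are assumptions.

```python
"""Toy model of a stateful firewall showing why asymmetric routing surfaces
as a default-deny drop in a packet trace.

Added illustration for this thread (not Cisco's code). The ACL mirrors the
question's rule 23 and default deny; everything else is a simplified model.
"""
import ipaddress
from dataclasses import dataclass

# Object group "IPv4 RFC1918" from the question, and the TACACS+ server IP.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TACACS_SERVER = ipaddress.ip_address("10.10.10.31")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "icmp"
    sport: int = 0  # 0 for ICMP
    dport: int = 0  # 0 for ICMP


def rule_23_matches(pkt: Packet) -> bool:
    """Rule 23: RFC1918 sources -> 10.10.10.31, ICMP or TCP dst port 49."""
    src = ipaddress.ip_address(pkt.src)
    if not any(src in net for net in RFC1918):
        return False
    if ipaddress.ip_address(pkt.dst) != TACACS_SERVER:
        return False
    if pkt.proto == "icmp":
        return True
    return pkt.proto == "tcp" and pkt.dport == 49


def acl_verdict(pkt: Packet) -> tuple:
    """Walk the ACL top-down: rule 23, then the implicit default deny."""
    if rule_23_matches(pkt):
        return ("ALLOW", "rule 23")
    return ("DROP", "Default Policy: deny ip any any")


class StatefulFirewall:
    """Connection table keyed by 5-tuple; replies of a known flow skip the ACL."""

    def __init__(self):
        self.conns = set()

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)

    @staticmethod
    def _reverse(pkt: Packet) -> tuple:
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)

    def process(self, pkt: Packet) -> tuple:
        # Existing connection in either direction: forwarded without ACL lookup.
        if self._key(pkt) in self.conns or self._reverse(pkt) in self.conns:
            return ("ALLOW", "existing connection")
        # New flow: consult the ACL; only an allowed first packet creates state.
        verdict, reason = acl_verdict(pkt)
        if verdict == "ALLOW":
            self.conns.add(self._key(pkt))
        return (verdict, reason)


# Constructed sample flow: a client on 192.168.1.50 (assumed) talks TACACS+.
REQUEST = Packet("192.168.1.50", "10.10.10.31", "tcp", sport=51000, dport=49)
REPLY = Packet("10.10.10.31", "192.168.1.50", "tcp", sport=49, dport=51000)


def symmetric_flow() -> list:
    """Both directions traverse the firewall: request opens state, reply rides it."""
    fw = StatefulFirewall()
    return [fw.process(REQUEST), fw.process(REPLY)]


def asymmetric_flow() -> list:
    """Request bypassed the firewall; only the reply is seen, as in the thread."""
    fw = StatefulFirewall()
    return [fw.process(REPLY)]


if __name__ == "__main__":
    print("symmetric :", symmetric_flow())
    print("asymmetric:", asymmetric_flow())
```

In the asymmetric case the reply is judged as a new connection from 10.10.10.31 to an RFC1918 host on port 51000, which is exactly the shape of traffic rule 23 was never written to permit, so the trace ends at the default deny even though the rule is correct. Fixing the routing so the request transits the firewall (as TAC did here) is the right remedy; widening the ACL to match the reply would be the wrong one.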

4 Replies

Marvin Rhoads
Hall of Fame

Can you share the ACP rule that you intend to catch the traffic?

I've attached a snip of it to my first post. Not sure if there is a way to export a text example.

The destination ports in your ACP rule are the object "NSFD_TCP". Only traffic matching the ports in that service-group will be caught by that rule.

