cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1584
Views
5
Helpful
5
Replies

problem with decrement-ttl traceroute

saber.sattari
Level 1
Level 1

 

ddd.jpg

 

please help me . i can not do it 

 

5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

Try removing the "icmp..." line and putting that in a separate FlexConfig object.

Also make sure you've typed in the line manually and not pasted it from an external text editor.

It works fine on my FMC (currently running 6.5.0 but this config has been in place since 6.1.x):

 

TTL FlexConfig.PNG

Hi,

The flexconfig method certainly worked before on older versions of FTD, but I've recently deployed FTD 6.4 and I recieved the same error "error - unsupported CLI" as you do.

 

This cisco documentation provides provides the new method to configure. You will need to define and extended ACL, then define a "Threat Defense Service Rule" under the Access Control Policy > Advanced settings.

 

ACL

 

acl.PNG

 

Threat Defense Service Policy

advanced settings.PNG

 

polc summary.PNG

 

Once configured the output on the CLI is the same syntax as before, I assume Cisco has just removed the ability to configure via Flexconfig in newer versions.

 

HTH

Good catch @Rob Ingram!

It looks like upgraded FMC carries forward the old syntax but new installations require you to use the new method. That's confusing to say the least.

saber.sattari
Level 1
Level 1

Thank you for your answer
But the problem still exists

marvin , RJI 

I did all that you said , But when I write the word (connection ), the problem is correct

1.jpg2.jpg

 

Hi,

I think you did not read my comment properly, you cannot configure this command using Flexconfig on newer versions of FTD.

 

As per the cisco guide here, you need to define an Extended ACL and modify the Threat Defense Service Policy to reference the ACL and then tick the box to "Enable Decrement TTL". See the screenshots I previously provided.

 

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: