Re: Cisco ASA device and "nlp_int_tap" interface

alfio.pafumi · ‎08-11-2017

Hi All,

I am trying to understand what traffic is usually expected to flow through the "nlp_int_tap" interface in an ASA device.

The only reference I found, so far, looking at Cisco docs, is that this interface is used for system communications:

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/s_1.html

(searching in that page for “nlp_int_tap” there is a very brief note, mentioning that).

Is it correct?

Is also correct to assume that no business related network traffic should, usually, use that interface?

Thanks for any help!

A.

patoberli · ‎07-14-2018

Have you found this ever out?

Asking because I just replaced my old ASAs with new Firepower 2110 ASA models for VPN access.

Most client traffic seems to use the source interface named 'nlp_int_tap', but I haven't named an interface such. I did mostly copy&paste the old configuration to the new device.

Amafsha1 · ‎05-07-2020

I'm having the same problem and it generates a lot of traffic. did you figure out what this is?

patoberli · ‎05-08-2020

I have since upgraded to 9.12(3) and haven't seen this issue anymore. I'm not sure though, if the upgrade was the solution or something else I changed in the past.

fly · ‎12-19-2023

we found many drops on this interface

Traffic Statistics for "nlp_int_tap":
40900625 packets input, 2868084192 bytes
833962 packets output, 23351096 bytes
40066668 packets dropped <<<<<<======

version is 9.12(4)