Cisco Firepower Threat Defense Configuration of Network Objects

FLTRU16
Level 1

Hoping someone can clarify this for me.

I have an FTD 1120, v7.4.2.1-30, being admin'd through FDM. In the Networks section the values are all set at a /24 or smaller. Can Cisco handle a /17, or do I have to create multiple /24s and then group them together? All the Cisco documents show is a /24 or a single subnet.

Thanks in advance.

6 Replies

nspasov
Cisco Employee

Can you elaborate a bit more on what network objects you are referring to? Perhaps you can also include a screenshot.

Thank you for rating helpful posts!

FLTRU16
Level 1

Objects > Networks

[Screenshot: FLTRU16_0-1743436699935.png]

When I add a new network like this, the rest of our network and VPN connection cannot see and connect. 

[Screenshot: FLTRU16_1-1743436778598.png]

I have to break them down into individual /24 networks and then combine them into a group like this. But this still did not work for the Site-to-Site VPN.

[Screenshot: FLTRU16_2-1743436849277.png]

I ended up breaking it down Barney style for Cisco to complete the connection.

[Screenshot: FLTRU16_3-1743437032755.png]

Hope this helps some.

You use a supernet for multiple subnets; that sure won't work, the FTD will mark it as a conflict.

MHM

FLTRU16
Level 1

I originally tried the supernet. I let the VPN simmer for 24 hours and it still would not connect. I changed back to /24 and the VPN instantly connected. I'm sure it is something I'm missing.
I managed to go 16 years in IT without having to deal with Cisco products. Some settings are just stupid.

Marvin Rhoads
Hall of Fame

Are you trying to reach resources via an IPsec VPN? Or something else? Cisco firewalls, FDM-managed or otherwise, can certainly handle a /17. However, there may be other factors you haven't mentioned so far that prevent your connectivity from working as desired in your case.

That is correct. We have Meraki MX devices at our off-site location. When we create the supernet on our FTD to the MXs, the MX sites are not able to see any of the IP addresses in the supernet, and the VPN status just shows a red status light for the non-Meraki peers. If we dismantle the supernet and set the subnets to a max of /24, everything works fine.
I am not sure if using an FTD to connect all these sites is the best idea; I would prefer to use an MX at our HQ, but this is what I have to work with.
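As an added example (not from this thread, and not Cisco or Meraki code), the script below uses Python's standard ipaddress module to make the difference between the two object definitions discussed above visible: a single /17 object versus a group of /24 objects. It lists the 128 /24s a /17 covers, collapses a group of /24s back to its summary routes, reports the address space a partial group leaves out, and checks whether two peers' protected-network lists describe exactly the same address space. The 10.10.0.0/17 range and the four-member group are constructed sample values. The thread does not identify the root cause of the failed tunnel; the check only shows that a /17 and a handful of /24s are not interchangeable, which is worth verifying on both ends of a site-to-site tunnel before looking elsewhere.

```python
import ipaddress

# Constructed sample values: a /17 "supernet" object and a group of /24 objects
# of the kind the thread contrasts. Not taken from the original post.
SAMPLE_SUPERNET = "10.10.0.0/17"
SAMPLE_GROUP = [
    "10.10.1.0/24",
    "10.10.2.0/24",
    "10.10.3.0/24",
    "10.10.4.0/24",
]


def covered_subnets(supernet: str, prefix: int = 24) -> list[str]:
    """List every /prefix subnet that the supernet covers (a /17 covers 128 /24s)."""
    net = ipaddress.ip_network(supernet)
    return [str(s) for s in net.subnets(new_prefix=prefix)]


def collapse(subnets: list[str]) -> list[str]:
    """Collapse a list of networks into the smallest equivalent set of summary routes."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def uncovered_by_group(supernet: str, group: list[str]) -> list[str]:
    """Address space inside `supernet` that no member of `group` covers.

    Each group member is carved out of the remaining ranges; networks either
    nest or are disjoint, so a member that is not inside a remaining range and
    does not contain it can be ignored for that range.
    """
    remaining = [ipaddress.ip_network(supernet)]
    for member in (ipaddress.ip_network(g) for g in group):
        carved = []
        for rng in remaining:
            if member.subnet_of(rng):
                # address_exclude yields the pieces of rng left after removing member
                carved.extend(rng.address_exclude(member))
            elif rng.subnet_of(member):
                continue  # rng is entirely inside member: fully covered
            else:
                carved.append(rng)
        remaining = carved
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


def address_count(networks: list[str]) -> int:
    """Total number of addresses across a list of networks."""
    return sum(ipaddress.ip_network(n).num_addresses for n in networks)


def selectors_match(local_side: list[str], remote_side: list[str]) -> bool:
    """True only if both lists describe exactly the same address space.

    The comparison is done on collapsed form, so four /24s and the equivalent
    /22 compare equal, while a /17 and four of its /24s do not.
    """
    return set(collapse(local_side)) == set(collapse(remote_side))


if __name__ == "__main__":
    print(f"{SAMPLE_SUPERNET} covers {len(covered_subnets(SAMPLE_SUPERNET))} /24 subnets")
    print("group collapses to:", collapse(SAMPLE_GROUP))
    gaps = uncovered_by_group(SAMPLE_SUPERNET, SAMPLE_GROUP)
    print(f"supernet space not in the group: {gaps} ({address_count(gaps)} addresses)")
    print("supernet vs group match:", selectors_match([SAMPLE_SUPERNET], SAMPLE_GROUP))
    print(
        "supernet vs all 128 /24s match:",
        selectors_match([SAMPLE_SUPERNET], covered_subnets(SAMPLE_SUPERNET)),
    )
```

Run it as-is to see the sample output; to check a real deployment, replace the two constructed values with the object definitions from each end of the tunnel. A False from selectors_match means the two sides are not describing the same address space, regardless of how each side happens to spell it.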
