02-06-2024 07:27 AM
Hi,
Pinging a VRF interface is not possible on FTD. Is this a feature?
Pinging from VRF to somewhere works, but if you try to ping a VRF from outside, it's dropped by "implicit rule"?
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Elapsed time: 122 ns
Config:
Implicit Rule
Additional Information:
Drop-reason: (acl-drop) Flow is denied by configured rule, Drop-location: frame 0x0000xxxxxxx
So this is a bit annoying if you want to troubleshoot ... any idea? Is there a way to enable "allow pinging vrf"?
02-06-2024 07:49 AM
Are you trying to ping one of the FTD interfaces from another segment connected to another interface? If so, that won't work, as none of the FTDs or ASAs allows this by design. Essentially, if you try to ping the outside interface from the inside network, or for instance from the inside segment to the DMZ interface, the ping will fail regardless of VRF.
02-06-2024 07:53 AM
That's what I feared.
Thanks for your fast reply.