Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
1
Helpful
2
Replies

Cisco FTD ping VRF

D Le Wando
Level 1
Level 1

‎02-06-2024 07:27 AM

Hi,

pinging a VRF interface is not possible on FTD. Is this a feature?

Pinging from VRF to somewhere works, but if you try to ping a VRF from outside, it's dropped by "implicit rule"?

 

Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Elapsed time: 122 ns
Config:
Implicit Rule
Additional Information:

Drop-reason: (acl-drop) Flow is denied by configured rule, Drop-location: frame 0x0000xxxxxxx

 

So this is a bit annoying if you want to troubleshoot ... any idea? Is there a way to enable "allow pinging vrf"?

0 Helpful
2 Replies 2

Aref Alsouqi
VIP
VIP

‎02-06-2024 07:49 AM

Are you trying to ping one of the FTD interfaces from another segment connected to another interface? if so, that won't work as none of the FTDs or ASAs allows this by design. Essentially, if you try to ping the outside interface from the inside network, or for instance from the inside segment to the DMZ interface, the ping will fail regardless of VRF.

D Le Wando
Level 1
Level 1

‎02-06-2024 07:53 AM

thats what I feared.
Thx for your fast reply

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card