Re: Communication between different interfaces does not work in FDM.

SeokGeunChoi73564 · ‎01-07-2024

Hello everyone.
This is a lab test using FDM 7.2.0-82 firmware on FPR 2110.
The lab test environment was created like this.
1. The 10.10.10.1/30 Routed interface named Inside.
2. 10.111.111.2/30 Routed interface named rip-test-out.
3. L3 (C9300) equipment was connected to the inside and rip-test-out interfaces.
4. Internal/external C9300 devices and FDM have learned the routing table through the RIP routing protocol.
5. In FDM, the ACL policy was set to any <> any Allowed.

6. Some inspection-related matters have been removed using Flexconfig.

The problem is that neither ping nor MSTSC communication between both PCs works.
I will attach the configuration and packet capture contents.

Why can't ping or mstsc connect between PCs? (*Of course, both PCs allow MSTSC and can be connected and used remotely. Since this is a work PC, all firewalls are turned off.)

If you need more data to solve your problem, please let me know.
Thanks.

MHM Cisco World · ‎01-07-2024

are the ping test initiate from IN toward OUT ?
if NO
then you need other ACL
OUT to IN permit traffic
MHM

SeokGeunChoi73564 · ‎01-08-2024

ping and mstsc test initiated from inside to rip-test-out.

You can see this by looking at FDM Access control policies.png.

Thanks.

MHM Cisco World · ‎01-08-2024

add ACL OUT to IN and check
MHM

SeokGeunChoi73564 · ‎01-08-2024

Hi MHM,

I added Out-to-in Allow ACL rule (no.2)

Communicate still failed.

+ No ACL rules hit..

Thanks.

MHM Cisco World · ‎01-09-2024

Hi Friend
ONE SW you connect two port to FPR
each port have different IP

this explain the issue
the SW must have two vlan, one vlan for each FPR router port
this I think what we missing here
MHM