Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
1
Helpful
4
Replies

CSCwn92354 - ENH | Configure /31 on Firepower managed by FDM

OBXLife
Level 1
Level 1

‎01-31-2025 01:44 PM

Cisco must address the lack of support for RFC3021 on the Firewall FTD platform. Many ISPs use /31 to conserve IPV4 address space. The absence of this support prevents the use of a Firepower device to connect to an ISP utilizing /31 address administration.

In contrast, the FMC does allow and support /31 addressing.

However, the FTD does not, which means the FTd cannot be used as a WAN connection to an ISP utilizing /31 for customers. This limitation prevents the FTD devices from being deployed to remote locations or managed by a remote FMC if the /31 is used for the management interface.

Cisco did implement this on the FMC be failed to implement this on the FTD, so the FTd is able to support it.

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎01-31-2025 05:13 PM

FTD can manage by FDM or FMC
if it mgmt by FDM you can not use /31 
if it mgmt by FMC you can use /31 
MHM

0 Helpful

OBXLife
Level 1
Level 1
In response to MHM Cisco World

‎02-01-2025 04:29 AM

That make entirely no sense. If using the FTD for a remote office and the ISP supplies a /31 then an extra router needs to be used and NAT translations needs to be setup.   Just fix the FDM and allow /31 addressing. I see no reason Cisco should not support this RFC that Cisco co-wrote. I understand and agree with your statement above. It just make no sense. 

Please tell me why Cisco believe this is an acceptable limitation.

0 Helpful

MHM Cisco World
VIP
VIP
In response to OBXLife

‎02-01-2025 04:49 AM

/31 give one host IP,
it use ONLY for P2P 
one peer will use this Host IP and other peer will use broadcast IP of network, 
notice since it P2P this type not need broadcast.
is that what you ask for ?
MHM

0 Helpful

OBXLife
Level 1
Level 1
In response to MHM Cisco World

‎02-01-2025 05:03 AM

I believe the answer would be yes. I admit I do not understand all of the implications effects on the broadcast mechanisms. I do know Cisco and other manufactures have implemented this. The behavior should be the same as implemented elsewhere. Being an end-user, I just need to implement the devices. ISP are more frequently providing /31 on P2P WAN links and it is not possible to implement a FDM to be later managed by a FMC in this scenario. 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card