Solved: Re: Fire Power 2130 Gateway cannot be reached through port Ethernet1/1 named “outside”

Cconchap · ‎11-11-2020

I am trying to activate my smart licenses, but I have the following message, I think it is a configuration error, but I could not understand what it is, my firepower 2130 has ping to tools.cisco.com.

Marvin Rhoads · ‎11-11-2020

The address must be reachable from the management interface. Try "ping system tools.cisco.com" to confirm that.

Also, the gateway mentioned in your screen shot error message would be whatever is configured as the default route for the data interface. Try "show route" to confirm that.

View solution in original post

Marvin Rhoads · ‎11-11-2020

The address must be reachable from the management interface. Try "ping system tools.cisco.com" to confirm that.

Also, the gateway mentioned in your screen shot error message would be whatever is configured as the default route for the data interface. Try "show route" to confirm that.

brunosa3 · ‎03-02-2021

Hello everyone,

this is my first post in this forum

I lose my mind - Im struggling with the most basic things and hope to get some clarifications/guidance in this thread. I recently bought a FIREPOWER 1010 and try to get the box started. However, I have the same issue as described in this thread I cannot activate my smart licenses because "Gateway cannot be reached through port Ethernet1/1 named “outside”.

To my physical cable connections:
my router (Telekom Speedport pro 192.168.1.2) and port1 of my firepower are connected via a Zyxel GS-1900 48HP (192.168.1.101) Switch (I also tried to connect it directly - didn t work either).

In the IP router table i can see the firepower under 192.168.1.114. However, I cannot ping this IP nor can i ping from the inside (CLI from 192.168.1.1) to the outside.

In the attachment you see the routes I have set so far.

Does anyone know what Iam missing?

Kind regards

Sandro

Marvin Rhoads · ‎03-02-2021

It looks like you have the 192.168.1.0/24 network defined on both the inside and outside. Those need to be on different subnets.

Also, you haven't shared the management setup ("show network" from the cli).

brunosa3 · ‎03-02-2021

Hi Marvin,

many thanks for your quick response.

Im sorry i don t know how to upload screenshots other than in the word document i have uploaded in my previous post. Are you able to open it?

So you are saying my gateway (router), switch (eg 192.168.1.0/24) and so on need to be on another subnet than the firepower (inside eg 192.168.45.0/24). But in this case I should be able to access the internet via the management port, right? Im just asking because even there I have the same error.

Kind regards,

Sandro

brunosa3 · ‎03-07-2021

Marvin Rhoads · ‎03-07-2021

Each interface of the firewall must be in a different subnet. You have the inside and outside interfaces in the same subnet. Since outside appears to be DHCP-addressed, you must change your inside subnet from the default 192.168.1.0/24 to something unique.

The getting started guide for these devices is really quite thorough and should be followed, adjusting to suit your conditions.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/ftd-fdm.html

brunosa3 · ‎03-08-2021

thank you so much !!! That was the trick!!!