11-13-2020 10:41 AM
Hi,
I am working with a Cisco Firepower 2130 6.6.1
I have created several vlans and their subinterfaces.
I have configured an etherchannel to a switch but I have no connectivity between vlans, I only have ping if an interface is directly connected.
Someone who can tell me how to configure connectivity between vlans?
11-13-2020 10:57 AM
Hi @Cconchap
You need to explicitly permit the intervlan traffic in the ACP, what rules do you have in place? Please provide a screenshot.
How are you testing? Are you pinging the FTD's interfaces? If so you can only ping the interface you are connected to. You cannot ping through the FTD to its far interface, this is denied by design.
HTH
11-13-2020 11:15 AM
I leave a picture of the configured subinterfaces in my portchannel on the Firepower.
I am trying to ping these addresses from a switch, but only one of them responds since it is the management one and it is directly connected.
As for allowing the traffic in ACP I don't have it, I am somewhat disoriented with that since it is my first time working with Firepower, any idea how I should do it?
regards.
11-13-2020 12:06 PM - edited 11-13-2020 12:15 PM
Right, that's to be expected. If for example you are connected to interface 20.211 and attempting to ping the 20.212 FTD interface IP address, that won't work and it's not possible to override - by design.
You can ping "through" the FTD, but you cannot ping "to" one of the FTD's far interfaces. Test connectivity by pinging "through" the FTD, from one vlan to a device on another vlan, but don't ping the FTD's interface. To ping "through" the FTD you will need the ACP rules configured to permit the traffic.
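A way to verify the "through" test described in the reply above from the FTD CLI, added here as an example and not part of any post in this thread. The interface names (VLAN211, VLAN212) and the host addresses are assumed placeholders, not values from the thread; the commands are the FTD CLI's packet-tracer and show access-control-config. The test host must be a device on the far VLAN, not the FTD's own subinterface address.

```console
# Assumed placeholders: VLAN211 / VLAN212 are the nameif values of two
# port-channel subinterfaces; 10.211.0.50 and 10.212.0.60 are hosts on
# each VLAN (constructed for this example).

# 1. Confirm which access control policy is deployed and what its
#    default action is (Block all traffic drops everything not
#    explicitly permitted, which matches the symptom in the thread).
> show access-control-config

# 2. Simulate an ICMP echo (type 8, code 0) entering on VLAN211 and
#    destined for a host on VLAN212. The output walks each phase;
#    the ACCESS-LIST phase shows whether an ACP rule permits the flow,
#    and the final Result line reads allow or drop with the reason.
> packet-tracer input VLAN211 icmp 10.211.0.50 8 0 10.212.0.60 detailed

# 3. After adding a permit rule in the ACP and deploying it, re-run
#    the same packet-tracer; the Result should change from drop to
#    allow before testing with a real ping from the switch.
```

If the packet-tracer result is drop at the ACCESS-LIST phase, the fix is an ACP rule whose source and destination zones (or networks) cover the two VLANs; if it already shows allow but the ping still fails, the problem is elsewhere (routing, trunk allowed VLANs on the switch side, or the host's own gateway), not the ACP.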
11-18-2020 11:07 AM - edited 11-18-2020 11:15 AM
Hi @Rob Ingram
This is the topology of my network, the Firepower 2130 are new equipment that is being added.
I am trying to make the connection from the firepower to the equipment that is seen in the upper part, but I have no connectivity.
Could you help me by indicating how I should do it? I don't have much experience with Firewalls and I'm quite complicated.
Towards the bottom I have a portchannel configured through which users must reach the existing services at the top through the Firewall.
02-05-2023 12:08 AM
Hi
Have the same problem, how did you fix it?
thanks