FirePower Vlan communication

Cconchap
Level 1

Hi,

I am working with a Cisco Firepower 2130 running 6.6.1.

I have created several VLANs and their subinterfaces.

I have configured an EtherChannel to a switch, but I have no connectivity between VLANs; I only get a ping reply if an interface is directly connected.

Can someone tell me how to configure connectivity between VLANs?

5 Replies

Hi @Cconchap 

You need to explicitly permit the inter-VLAN traffic in the ACP. What rules do you have in place? Please provide a screenshot.

How are you testing? Are you pinging the FTD's interfaces? If so, you can only ping the interface you are connected to. You cannot ping through the FTD to its far interface; this is denied by design.

HTH

I leave a picture of the configured subinterfaces in my port-channel on the Firepower.

[image: subs.PNG]

I am trying to ping these addresses from a switch, but only one of them responds, since it is the management one and it is directly connected.

As for allowing the traffic in the ACP, I don't have it. I am somewhat disoriented with that since it is my first time working with Firepower. Any idea how I should do it?

Regards.

 

Right, that's to be expected. If, for example, you are connected to interface 20.211 and attempting to ping the 20.212 FTD interface IP address, that won't work, and it's not possible to override this; it is by design.

You can ping "through" the FTD, but you cannot ping "to" one of the FTD's far interfaces. Test connectivity by pinging "through" the FTD, from one VLAN to a device on another VLAN, but don't ping the FTD's interface. To ping "through" the FTD you will need the ACP rules configured to permit the traffic.

Hi @Rob Ingram

This is the topology of my network; the Firepower 2130s are the new equipment being added.

I am trying to make the connection from the Firepower to the equipment seen in the upper part, but I have no connectivity.

Could you help me by indicating how I should do it? I don't have much experience with firewalls and I find it quite complicated.

Towards the bottom I have a port-channel configured through which users must reach the existing services at the top through the firewall.

[image: network nwe.jpg]

Hi,

I have the same problem. How did you fix it?

Thanks
