03-05-2020 05:01 AM
I'm in the process of replacing 5505 and 5506 with FPR-1010. (code: 6.5.0.4).
When running IPsec between two subnets for example:
FPR-2130 subnet 10.0.0.0/23 <-------> 10.199.24.0/24 (FPR-1010 has IP .1 (BV1) and .2 (MNGT)).
I cannot access the unit itself (.1.2), all other IPs in the subnet are reachable. The error is:
Deny IP spoof from (10.0.0.x) to 10.199.24.1 on the interface outside
Can anyone help me get around this?
03-10-2020 01:10 AM - edited 03-10-2020 05:07 AM
Used the MNGT gateway with defined gateway unique gw instead of data interface gateway. This gives access to SSH and HTTPS.
03-05-2020 06:21 AM
03-06-2020 05:37 AM
No routed mode.
03-07-2020 02:55 AM
Ah - so you are trying to reach the Firepower inside and management addresses from the remote end of the site-site VPN? That's generally not possible since the traffic needs to come from one of the inside networks. Otherwise the Firepower would be sending its own replies through itself - which is roughly what the log message is telling you.