cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1988
Views
8
Helpful
14
Replies

FTD 1010 all traffic destined to the ip address of the outside

saids3
Level 1
Level 1

Hello 

issue with ftd 1010 unit configured working perfectly but after restarting the unit I received this error from cli “all traffic destined to the ip address of the outside interface is being redirected” I’m not able to access the unit through the ip only by command consul cable —- 

can you please support!! 

1 Accepted Solution
14 Replies 14

manabans
Cisco Employee
Cisco Employee

The below awarning appears mostly when there is a NAT misconfiguration,

All traffic destined to the IP address of the outside interface is being redirected.

It is recommended that you check the NAT configuration on the device via the console and make sure that the interface used for SSH is not part of any static NAT statement that is defined on the device.

Thank you 
I have disabled the ssh from inside the data interface --- 
Can you please review the NAT?

Thanks for attaching the NAT details. The NAT seems good, no such NAT should cause SSH to break.

Please engage TAC to assist you troubleshoot the issue.

Anyconnect OUTside/ANY <<- this NATING for what ? for U-turn traffic of anyconnect ?

Yes, U-Turn the traffic - I'm not using full Tunneling, so do I need this rule? or I can replace it with Hiring Rule? 

I Think you can use Outside/Outside instead 

Do you mean - 

Auto Nat/ dynamic/outside/outside/anyconnect-pool/Interface 

saids3
Level 1
Level 1

Thank you Manabans - 
I have restarted the system to confirm but so far is working fine - no issue -
Question about the middle light keeps always blinking (Yellow). the system is running device is licensed, no issue. Wondering what could be the reasons?

I have had this same issue recently where the ssh daemon had hung / stopped responding.  restarting the SSH daemon in expert mode solved the issue, but I also did a reboot of the FTD incase there were other processes that were hanging.

--
Please remember to select a correct answer and rate helpful posts

Which command did you use to restart the daemon? Please. Are you referring to the yellow blinking light (S)? 

No I am not referring to the yellow light, You would need to post a picture of it or explain closer as to which light it is as there are a few lights present on the FTD device.

The command I used to restart the SSH daemon was:

/etc/init.d/sshd restart

--
Please remember to select a correct answer and rate helpful posts

This one see attached photo 

blinking yellow (S) 

That means you have a hardware error / failure.

  • Amber—Critical alarm indicating one or more of the following:

    • Major failure of a hardware or software component.

    • Over-temperature condition.

    • Power voltage outside the tolerance range.

https://www.cisco.com/c/en/us/td/docs/security/firepower/1010/hw/guide/hw-install-1010/overview.html#id_85128

 

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card