Solved: Re: FTD 1010 all traffic destined to the ip address of the outside

saids3 · ‎05-21-2023

Hello

issue with ftd 1010 unit configured working perfectly but after restarting the unit I received this error from cli “all traffic destined to the ip address of the outside interface is being redirected” I’m not able to access the unit through the ip only by command consul cable —-

can you please support!!

MHM Cisco World · ‎05-24-2023

View solution in original post

manabans · ‎05-23-2023

The below awarning appears mostly when there is a NAT misconfiguration,

All traffic destined to the IP address of the outside interface is being redirected.

It is recommended that you check the NAT configuration on the device via the console and make sure that the interface used for SSH is not part of any static NAT statement that is defined on the device.

saids3 · ‎05-23-2023

Thank you
I have disabled the ssh from inside the data interface ---
Can you please review the NAT?

manabans · ‎05-23-2023

Thanks for attaching the NAT details. The NAT seems good, no such NAT should cause SSH to break.

Please engage TAC to assist you troubleshoot the issue.

MHM Cisco World · ‎05-24-2023

Anyconnect OUTside/ANY <<- this NATING for what ? for U-turn traffic of anyconnect ?

saids3 · ‎05-24-2023

Yes, U-Turn the traffic - I'm not using full Tunneling, so do I need this rule? or I can replace it with Hiring Rule?

MHM Cisco World · ‎05-24-2023

I Think you can use Outside/Outside instead

saids3 · ‎05-24-2023

Do you mean -

Auto Nat/ dynamic/outside/outside/anyconnect-pool/Interface

MHM Cisco World · ‎05-24-2023

saids3 · ‎05-24-2023

Thank you Manabans -
I have restarted the system to confirm but so far is working fine - no issue -
Question about the middle light keeps always blinking (Yellow). the system is running device is licensed, no issue. Wondering what could be the reasons?

Marius Gunnerud · ‎05-24-2023

I have had this same issue recently where the ssh daemon had hung / stopped responding. restarting the SSH daemon in expert mode solved the issue, but I also did a reboot of the FTD incase there were other processes that were hanging.

--
Please remember to select a correct answer and rate helpful posts

saids3 · ‎05-24-2023

Which command did you use to restart the daemon? Please. Are you referring to the yellow blinking light (S)?

Marius Gunnerud · ‎05-24-2023

No I am not referring to the yellow light, You would need to post a picture of it or explain closer as to which light it is as there are a few lights present on the FTD device.

The command I used to restart the SSH daemon was:

/etc/init.d/sshd restart

--
Please remember to select a correct answer and rate helpful posts

saids3 · ‎05-24-2023

This one see attached photo

blinking yellow (S)

Marius Gunnerud · ‎05-24-2023

That means you have a hardware error / failure.

Amber—Critical alarm indicating one or more of the following:
- Major failure of a hardware or software component.
- Over-temperature condition.
- Power voltage outside the tolerance range.

https://www.cisco.com/c/en/us/td/docs/security/firepower/1010/hw/guide/hw-install-1010/overview.html#id_85128

--
Please remember to select a correct answer and rate helpful posts