FTD 2110 ASA code 9.12(4) can not ping gateway

abideen.shaikh · ‎04-08-2022

Hi All,

I would like to share my issue which I am experiencing while configuring FTD 2110 with ASA code.

I have below config on my management interface but not able to ping gateway neither from FXOS not from ASA instance.

interface Management1/1
management-only
nameif management
security-level 100
ip address 10.178.224.181 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any echo-reply management
icmp permit any echo management

previously when I was running FTD 6.6.1 i was able to get to the gateway as well as FMC so there is no connectivity issue.

Since i have changed the code to ASA not able ping the gateway.

Regards

Abi

balaji.bandi · ‎04-08-2022

can you post

show route and show arp

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

abideen.shaikh · ‎04-08-2022

ciscoasa(config)# show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set

ciscoasa(config)#

Gateway of last resort is not set

ciscoasa(config)# show arp
ciscoasa(config)#

balaji.bandi · ‎04-08-2022

i do not see anything configured, can you post show run

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

johnlloyd_13 · ‎04-09-2022

hi,

there's no ARP output in the 'management'. check your layer 1/cable.

is this connected to a switch?

try to directly connect your PC, set the gateway IP and ping it.

also share the 'show run' and hide sensitive info/IP.

abideen.shaikh · ‎04-12-2022

Hi,

Thanks for the response. manamgmet is connected to the switch 10.178.224.254 which is gateway.

This is a lab device i am just trying to bring up the management.

interface Management1/1
management-only
nameif management
security-level 100
ip address 10.178.224.181 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.220.220
name-server 208.67.222.222
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network mgmt
subnet 10.178.224.0 255.255.255.0
object service mgmt1
object network obj-10.0.0.0
object network obj-193.38.64.0
pager lines 24
mtu management 1500
mtu outside 1500
mtu inside 1500
no failover
no failover wait-disable
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any echo-reply management
icmp permit any echo management
icmp permit any unreachable management
icmp permit any time-exceeded management
no asdm history enable
arp timeout 14400

arp rate-limit 32768
route management 0.0.0.0 0.0.0.0 10.178.224.254 1
route management 10.176.58.131 255.255.255.255 10.178.224.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 192.168.45.0 255.255.255.0 management
http 10.178.224.0 255.255.255.0 management

abideen.shaikh · ‎04-12-2022

config for fxos

firepower-2110 /fabric-interconnect # show

Fire Power:
ID OOB IP Addr OOB Netmask OOB Gateway OOB Gateway Use DataPort OOB Boot Proto OOB IPv6 Address Prefix OOB IPv6 Gateway OOB IPv6 Gateway Use DataPort IPv6 Boot Proto DHCPD Admin State Operability
---- --------------- --------------- --------------- ------------------------ -------------- ---------------- ------ ---------------- ----------------------------- --------------- -------------------- -----------
A 10.178.224.179 255.255.255.0 10.178.224.254 No Static :: 64 :: No Static DHCP Server Disabled Operable