Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2053
Views
2
Helpful
22
Replies

FTD to remote FMC register problem

Go to solution
sherali mamatkarimov
Level 1
Level 1

‎01-17-2024 11:01 AM

i am trying to register my FTD to my remote FMC by this guide with manual method

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fmc-remote.html#task_imq_yw3_b3b

but when i am adding my FTD to FMC i got error  Registration timed out. Please check connectivity and registration id

I have configured outside static ip address in FTD as managment interface and also registration id and nat id. FMC is behind the nat and I can ping FTD outside ip. 

 On FTD i configured manager with command "configure manager add DONTRESOLVE secret123 natid123" as i dont have directly access to FMC. I tried to registrer FTD with IP and NAT ID both, without IP only with NAT ID and also without NAT ID only with static IP but everytime fails. Can you help me?

0 Helpful
22 Replies 22

Go to solution
MHM Cisco World
VIP
VIP
In response to sherali mamatkarimov

‎01-17-2024 11:46 AM 

> configure manager add DONTRESOLVE Cisco-123 nat123

use this in FTD and check 
MHM 

0 Helpful

Go to solution
sherali mamatkarimov
Level 1
Level 1
In response to MHM Cisco World

‎01-17-2024 12:02 PM

I have configured as you have write but fails, i have added FTD without IP address but with register and nat id

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to sherali mamatkarimov

‎01-17-2024 12:05 PM

One side must not use IP here fmc behind NAT so did you try above command ? Dis you use same key and NAT-ID in fmc side ?

MHM

0 Helpful

Go to solution
sherali mamatkarimov
Level 1
Level 1
In response to MHM Cisco World

‎01-17-2024 12:08 PM

Of course using same key and NAT ID yes i tried do as you have written))

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to sherali mamatkarimov

‎01-17-2024 12:16 PM

then did you use 
configure network management-data-interface<<- please read about this command before you apply it 
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/device_management_basics.html

again read about this command before apply 
thanks 
MHM

Screenshot (88).png

0 Helpful

Go to solution
sherali mamatkarimov
Level 1
Level 1
In response to MHM Cisco World

‎01-17-2024 12:44 PM

As said in this guide https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fmc-remote.html#task_imq_yw3_b3b

 1 step I am configuring my private static ip in initial setup with default route by data interfaces

2 step i am typing  > configure network management-data-interface 

Ether 1/1 outside interface 

Ip mask gw of my ISP 

3 step i am typing configure manager add DONTRESOLVE Cisco-123 nat123

 

 

 

 

 

Go to solution
MHM Cisco World
VIP
VIP

‎01-18-2024 10:24 AM 

 

sheralimamatkarimov_0-1705518885123.png there are two tunnel one is control and other is event 
so 
point to check 
1- Check the Ver. is compatible or not between FTD and FMC
FTD /ngfw/var/log/messages file: 
2- share this 

> capture-traffic

Please choose domain to capture traffic from:
  0 - eth0
  1 - Global

Selection? 0

Please specify tcpdump options desired.
(or enter '?' for a list of supported options)
Options: -n host <FMC IP>

 MHM

0 Helpful

Go to solution
sherali mamatkarimov
Level 1
Level 1
In response to MHM Cisco World

‎01-20-2024 04:56 AM

Thank you for answer but i decided to manage remote office FTD bt FDM, I configured all but i have one small problem i will open new discussion for it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card