Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1802
Views
5
Helpful
3
Replies

FTD unable to connect smart licensing server

h.dam
Level 1
Level 1

‎01-26-2021 12:09 PM

Hello,

I am doing the system settings on a FTD 2130.

When I did a copy/paste the token to registrate the license, I got this message "cannot connect to smart licensing server".

I followed the quick start guide to do my settings :

e.g. outside (dhcp mode), inside is 192.168.1.1/24, mngt is 192.168.45.45

FW is dhcp server enabled, NAT is configured by default, policy is default also.

 

But I cannot ping 8.8.8.8 from inside to outside. Do I need to add permit icmp rule?

Do you have any idea?

Thank you.

Preview file
23 KB
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-27-2021 12:22 AM

Your management interfaces needs to have Internet connectivity. Does the 192.168.45.0 subnet have a gateway with connectivity to the Internet and a reachable DNS server? Use "ping system" and not simply "ping" to make sure your ping tests use traffic from the management interface.

0 Helpful

h.dam
Level 1
Level 1
In response to Marvin Rhoads

‎01-27-2021 02:44 AM

Hello Marvin,

I am using the FTD deployment w/ FDM document.

From the included picture, it shows that  I only need to connect a laptop to the mngt interface and then using FDM to configure the settings, license,etc.

In my understanding the outside e1/1 will be connected to internet (correct me if I'm wrong). Actually, this interface is connecting to a box which is dhcp server and gw ip is 192.168.1.1. This box goes out to internet.

So my mngt IP is 192.168.45.45 (default) with data-interface as gw.

DNS servers are default, they are Cisco servers.

 

I think I should change my inside network to someting else other than 192.168.1.1 which makes conflit to the box's gw.

 

Could you please explain:

"192.168.45.0 subnet have a gateway with connectivity to the Internet and a reachable DNS server?"

Should I connect the mngt interface to internet instead of using outside interface?

Thank you.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-27-2021 04:41 AM

Do I understand correctly that your outside data interface is DHCP-addressed and the upstream gateway is 192.168.1.1? Obviously that won't work when your inside data interface is 192.168.1.1.

Normally the management interface is where smart licensing communications take place from. If it is 192.168.45.45 then it needs to be able to reach addresses via some gateway on the same subnet - that's basic routing. It also needs to be able to resolve FQDNs via a DNS server. Those are all things you setup when the appliance is new out of the box.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card