I have an issue with an FTD 2140 in an inline IPS topology.

nicholas183183
Level 1

Hi All,

I have an issue with an FTD 2140 in an inline IPS topology.

I only have one ACP rule, and the source and destination are any.

But when I execute the show asp drop command on the FTD 2140, it displays many acl-drop packets.

So I executed the command capture asp-drop type asp-drop to sniff the packets that have been dropped.

They show that many DHCP protocol UDP 67 and UDP 68 broadcast packets have been dropped.

I think these packets are normal, so I want to know why they have been dropped.


Nicholas

2 Replies

Marvin Rhoads
Hall of Fame

In inline IPS mode, the device doesn't support relaying DHCP broadcasts natively. The only broadcasts that are natively passed through are ARP packets. So try adding an explicit access control policy entry for the traffic - just like we would with an ASA or FTD in transparent mode. Something like what's described here:

https://community.cisco.com/t5/network-security/dhcp-relay-in-asa-transparent-mode/td-p/775523
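For readers following the linked thread, here is an added illustration (not from this thread or from Cisco) of the explicit DHCP permit entries in ASA CLI syntax, plus the verification commands a practitioner would use to confirm the acl-drop counter stops climbing. Interface names "inside" and "outside" and the ACL name DHCP-PASS are assumptions; an existing access-group on an interface would need these entries added to its ACL rather than replaced.

```text
! Added example in ASA CLI syntax; interface and ACL names are assumptions.
! Client DISCOVER/REQUEST: broadcast from bootpc (UDP 68) to bootps (UDP 67)
access-list DHCP-PASS extended permit udp any eq bootpc any eq bootps
! Server OFFER/ACK back toward the client: bootps (UDP 67) to bootpc (UDP 68)
access-list DHCP-PASS extended permit udp any eq bootps any eq bootpc
! Apply inbound on both interfaces so both legs of the exchange are permitted
access-group DHCP-PASS in interface inside
access-group DHCP-PASS in interface outside
!
! Verification: the acl-drop counter should stop incrementing for DHCP, and a
! drop capture limited to the acl-drop reason should no longer show UDP 67/68.
show asp drop frame acl-drop
capture DROPS type asp-drop acl-drop
show capture DROPS
```

On an FTD managed by FMC the same intent is expressed as an Access Control Policy rule with action Allow that matches UDP destination ports 67 and 68, since access-list commands are not entered on the FTD CLI.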

I have an issue with an FTD 2140 in an inline IPS with routed mode topology.

I only have one ACP rule, and the source and destination are any.

But when I execute the show asp drop command on the FTD 2140, it shows many acl-drop packets.

So I executed the command capture asp-drop type asp-drop to sniff what packets have been dropped.

They show that many DHCP protocol UDP 67 and UDP 68 broadcast and other broadcast packets have been dropped.

I think these packets are normal, so why have these packets been dropped?

