Solved: Re: Ping from outside interface (FTD7.X)

davparker · ‎06-04-2024

I'm going live with FTDs for a new site managed by FMC soon. We currently have the FTDs (HA) setup and running. We have been testing VPN. We have other locally managed FTDs.(Plan to redeploy those later). Currently the default route for this new site is learned via a WAN link, exiting one of the locally managed FTDs. My plan is to add a default route at the new location pointing to the new FTDs to essentially turn up the new FTDs. Wrapping up loose ends at the moment. I realized I cannot get ping replies originating from the outside interface to 8.8.8.8. I have ICMP inspection enabled. I can ping the outside address from a computer on the Internet. I enabled a packet capture and can see the echo requests go out and the echo replies come back in. From the CLI the ping replies are not displaying. Any help would be appreciated.

Thanks-David

MHM Cisco World · ‎06-04-2024

From

Fmc>device management > icmp

Then in icmp window allow icmp reply from specific IP or from any

MHM

View solution in original post

MHM Cisco World · ‎06-04-2024

You capture traffic IN and OUT form interface?

Are you sure the ping source is outside or it is mgmt IP?

MHM

davparker · ‎06-04-2024

Source is outside. I setup capture on the outside interface specifying the 2 hosts.

1: 19:29:43.335706 141.198.38.86 > 8.8.8.8 icmp: echo request
2: 19:29:43.341870 8.8.8.8 > 141.198.38.86 icmp: echo reply
3: 19:29:45.327192 141.198.38.86 > 8.8.8.8 icmp: echo request
4: 19:29:45.333448 8.8.8.8 > 141.198.38.86 icmp: echo reply

MHM Cisco World · ‎06-04-2024

From

Fmc>device management > icmp

Then in icmp window allow icmp reply from specific IP or from any

MHM

davparker · ‎06-04-2024

Yeah, it was in the Platform Settings. Almost forgot about that. Good to go...

Thanks

MHM Cisco World · ‎06-04-2024

You are welcome

MHM