Re: TCP connection not seen on Cisco FTD 1100 series running ASA

balwanth1 · ‎01-17-2024

We are currently refreshing our device from EOL cisco asa 5500 series to Cisco FTD running asa image . however we see no connections when cables are moved from EOL Cisco asa 5500 to Cisco FTD 1100 . Cisco FTD is running an ASA image with 19.6 x version.

Anyone having issues with this version running on FTD ? Specifically not seeing any TCP connection coming from outside. we did a capture on the outside interface connecting to ISP link but no traffic. the Destination is AWS

MHM Cisco World · ‎01-17-2024

you need to reset the connection from client or Server to build now TCP session through new FTD
MHM

MHM Cisco World · ‎01-17-2024

if you can not do that manually I think you can use FMC to add ACP with black+reset which make any tcp connect reset then remove this ACL and check the connection
MHM

balwanth1 · ‎01-17-2024

what is ACP with black+reset , any cisco document. Could you please elaborate

MHM Cisco World · ‎01-17-2024

Before we do deep in this point are only tcp traffic drop or all traffic?

MHM

balwanth1 · ‎01-17-2024

only TCP

MHM Cisco World · ‎01-17-2024

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212321-clarify-the-firepower-threat-defense-acc.html

Check action block+reset

Also can I ask you to double check interface up and get IP from ISP or not.

MHM