05-07-2025 05:32 AM
I am needing to open up a port that will go from outside to inside for TACACS authentication. I have created what I believe is the necessary NAT translation from an available public IP address that our provider has given us in a publicly routable block, and I have also created an ACL. But for some reason I am not able to see the request coming in. I am using "telnet X.X.X.X 49" on the device to test, but it never opens.
Will TAC assist with configurations on FMC? What would be the proper avenue to get assistance with this item?
Thank you,
KMNRUser
05-07-2025 06:53 AM - edited 05-07-2025 06:55 AM
@KMNRuser from the CLI of the FTD, run packet-tracer to simulate the traffic flow of the TACACS traffic. This should confirm whether it is allowed by the firewall rules and which NAT rule the traffic matched. This should provide a clue; provide the output for review.
If you wish hands-on assistance, contact TAC or your Cisco partner, who should be able to troubleshoot this issue.
05-08-2025 06:21 AM
I do not know how to run packet-tracer from the CLI, only from FMC. Most of what I have read has indicated that packet-tracer must be run from the FMC in this environment. Is that not correct? Thank you.
05-07-2025 07:06 AM
Hi friend,
Using telnet to check whether a port is open does not always work.
I would start with a capture on the outside interface of the FTD to see whether the traffic is hitting the interface or not.
Let me know the result.
MHM
05-08-2025 06:25 AM
Hi MHM,
The documentation that I have read has indicated I should use packet tracer from the FMC interface, and I have done that. I must admit it is a bit confusing, as I am not exactly sure what values to use, such as for the Source Type value, and what to put in both the Source Port and Destination Port. I know the destination port is "49", but usually the source port is ephemeral if I am not mistaken. I'll include a screenshot.
05-08-2025 07:20 AM
Server - inside - FTD - outside - client
When you use packet-tracer, the source port will be outside.
The destination IP will be the server (mapped IP, not real IP).
The destination port is 49.
The traffic type is TCP (since you use TACACS).
Do the above and share the result; also check the packet capture.
MHM
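The packet-tracer and capture checks suggested in the two replies above, written out as an added example of the FTD diagnostic CLI commands (this is not code from either poster). The interface names `outside` and `inside`, the client address 203.0.113.10, the mapped public address 198.51.100.49 and the real TACACS server address 10.0.0.49 are constructed placeholders; substitute your own values. It assumes these commands are entered at the FTD CLI (on older FTD releases they are reached via `system support diagnostic-cli`).

```text
! Added example, not from the thread. Placeholders (constructed):
!   client 203.0.113.10, mapped public IP 198.51.100.49, real TACACS server 10.0.0.49,
!   interfaces "outside" and "inside".

! 1. Simulate the inbound TACACS+ TCP/49 connection arriving on the outside interface.
!    The destination is the MAPPED (public) address, because that is what the packet
!    carries before NAT. The output lists each phase (ACCESS-LIST, UN-NAT, etc.) with its
!    result and ends with "Action: allow" or "Action: drop" plus a Drop-reason.
packet-tracer input outside tcp 203.0.113.10 51000 198.51.100.49 49 detailed

! 2. Capture live traffic on the outside interface for that destination, then repeat
!    the telnet test from the client.
capture tac-out interface outside match tcp any host 198.51.100.49 eq 49
show capture tac-out
!    No packets at all  -> the traffic never reaches the firewall (provider routing,
!                          upstream device).
!    SYNs but no SYN-ACK -> it arrives but is dropped or not translated (check ACL / NAT).

! 3. Capture on the inside interface with the REAL server address to confirm that
!    un-NAT happened and the server is answering.
capture tac-in interface inside match tcp any host 10.0.0.49 eq 49
show capture tac-in

! 4. Cross-check the NAT rule and its hit counters, then remove the captures.
show nat detail | include 198.51.100.49
no capture tac-out
no capture tac-in
```

Reading the two captures side by side is what isolates the fault: packets seen on `outside` but not on `inside` point at the NAT rule or the access policy on the FTD itself, while packets absent from `outside` mean the public address is not being routed to the firewall in the first place.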