VPN passthrough from Aruba vpn concentrator to Azure fails

Marcus Smit
Level 1

Hello,

We are replacing a Cisco ASA with a Cisco Firepower 1140. In our DMZ we host an Aruba VPN concentrator that terminates 250+ (inbound) VPNs. When we reroute this traffic from the Cisco ASA to the Cisco Firepower, all VPNs reconnect successfully but one: our VPN with a virtualized Aruba VPN concentrator hosted in Azure fails. See the attached file for a graphical representation.

I need some help

According to https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html a capture should be able to show me all packets entering the firewall, but it doesn't. Traffic I know to pass the Firepower is not visible either, so I must be doing something wrong:

> show capture
capture azureincoming type raw-data [Capturing - 0 bytes]
match ip host 51.136.X.Y any
capture azureoutgoing type raw-data [Capturing - 0 bytes]
match ip any host 51.136.X.Y

I temporarily disabled all FTD security features, just to be sure the packets aren't dropped because of security issues. We run software version 7.1.0.1-28.

My main question at this point: how do I get the capture to actually show me the traffic I expect?

(Just to be complete: of course we also changed the external routing for returning traffic to the Firepower, or the VPNs from the 250+ VPN routers wouldn't connect either.)

Can anyone point me in the right direction? Thanks,
Marcus
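Added example, not part of the original post or of Cisco's documentation: an FTD capture bound to an interface, plus an ASP-drop capture and a packet-tracer run to check whether the box itself is dropping the flow. The interface name `outside`, the DMZ concentrator address `203.0.113.10` and UDP/500 (IKE) are assumptions; `51.136.X.Y` is the placeholder used in the post.

```text
! Bind each capture to the interface the traffic arrives on (assumed nameif: outside).
! A capture defined without an interface stays at 0 bytes.
capture azureincoming interface outside match ip host 51.136.X.Y any
capture azureoutgoing interface outside match ip any host 51.136.X.Y

! Capture packets the data plane drops, to see whether FTD itself discards the flow.
capture azuredrop type asp-drop all

! Inspect buffers; the asp-drop capture shows a drop reason per packet.
show capture azureincoming
show capture azuredrop

! Simulate the inbound IKE packet (UDP/500) from the Azure peer to the DMZ concentrator
! and walk through routing, NAT and policy phases to find where it is dropped.
packet-tracer input outside udp 51.136.X.Y 500 203.0.113.10 500
```

For IPsec ESP traffic the same packet-tracer check can be repeated with `esp` in place of `udp`.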
