• Ping—Access the FTD CLI, and ping the FMC IP address using the following command:
ping system ip_address
If the ping is not successful, check your network settings using the show network command. If you need
to change the FTD Management IP address, use the configure network management-data-interface
command.
• Registration key, NAT ID, and FMC IP address—Make sure you are using the same registration key,
and if used, NAT ID, on both devices. You can set the registration key and NAT ID on the FTD using
the configure manager add command.
For more troubleshooting information, see https://cisco.com/go/fmc-reg-error.
Configure a Basic Security Policy
This section describes how to configure a basic security policy with the following settings:
• Inside and outside interfaces—Assign a static IP address to the inside interface, and use DHCP for the
outside interface.
• DHCP server—Use a DHCP server on the inside interface for clients.
• Default route—Add a default route through the outside interface.
• NAT—Use interface PAT on the outside interface.
• Access control—Allow traffic from inside to outside.
• SSH—Enable SSH on the FMC access interface.
To configure a basic security policy, complete the following tasks.
Configure Interfaces, on page 101.
Configure the DHCP Server, on page 104.
Add the Default Route, on page 105.
Configure NAT, on page 107.
Allow Traffic from Inside to Outside, on page 109.
Configure SSH on the FMC Access Data Interface, on page 110.
Deploy the Configuration, on page 112.
Cisco Firepower 1100 Getting Started Guide
132
Firepower Threat Defense Deployment with a Remote FMC
Configure a Basic Security Policy
To Next Page
Loading...
Need help?
General