Outside to DMZ Cisco FTD RPF Check Drop

As network engineers, we use packet-tracer on both ASA and FTD to verify that a flow will pass through the access-control and NAT configuration as intended. When tracing a flow that enters on the outside interface, use the addresses as they appear on the wire at that interface: the destination is the NAT mapped (public) IP of the DMZ host, not its real (private) IP. If you use the private IP instead, the trace typically fails in the NAT phase with Subtype rpf-check and Result DROP, because the return flow from that host would be translated to the mapped address and the forward flow you traced is inconsistent with the NAT rule. Re-run the trace with the mapped public IP as the destination, as in the example below (source_public_ip and nat_public_ip are placeholders; ssh is the port name for TCP/22).

packet-tracer input outside tcp source_public_ip ssh nat_public_ip ssh

If you are not comfortable with packet-tracer, you can refer to the guide
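To make the check above repeatable, here is an added example (not code from the original post) that reads packet-tracer output, locates the phase that dropped the packet, and, for a trace entered on the outside interface, rewrites the destination to the NAT mapped address. The packet-tracer output it parses is constructed to mirror the general shape of real output (Phase / Type / Subtype / Result blocks followed by a final Result block with Action and Drop-reason); it is not a capture from a device. The NAT table, interface names and IP addresses are assumptions for the example.

```python
"""Added example: parse ASA/FTD packet-tracer output and correct the
destination of an outside-to-DMZ trace that used the real (private) IP.

The sample output below is constructed for illustration, not captured from
a device; the NAT table, interface names and addresses are assumed."""
import re

# Assumed static NAT for the DMZ host: real (private) -> mapped (public).
NAT_STATIC = {"10.1.1.10": "203.0.113.10"}

# Constructed output for a trace that used the private destination address.
SAMPLE_DROP = """\
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule

Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Additional Information:
found next-hop 10.1.1.10 using egress ifc dmz

Phase: 3
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
nat (dmz,outside) source static obj-10.1.1.10 obj-203.0.113.10

Result:
input-interface: outside
output-interface: dmz
Action: drop
Drop-reason: (nat-rpf-failed) NAT reverse path failed
"""

# Constructed output for the same trace re-run with the mapped destination.
SAMPLE_ALLOW = """\
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (dmz,outside) source static obj-10.1.1.10 obj-203.0.113.10

Result:
input-interface: outside
output-interface: dmz
Action: allow
"""


def parse_packet_tracer(text):
    """Split the output into per-phase records plus the final verdict."""
    phases, action, drop_reason = [], None, None
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # lines without a colon (e.g. the Config body) are ignored
                fields[key.strip()] = value.strip()
        if "Phase" in fields:
            phases.append({
                "phase": int(fields["Phase"]),
                "type": fields.get("Type", ""),
                "subtype": fields.get("Subtype", ""),
                "result": fields.get("Result", ""),
            })
        elif "Action" in fields:  # the closing "Result:" block
            action = fields["Action"]
            drop_reason = fields.get("Drop-reason")
    return {"phases": phases, "action": action, "drop_reason": drop_reason}


def first_drop_phase(parsed):
    """The first phase whose Result is DROP, or None when the packet passed."""
    return next((p for p in parsed["phases"] if p["result"] == "DROP"), None)


def is_nat_rpf_drop(parsed):
    """True when the drop happened in the NAT rpf-check phase."""
    phase = first_drop_phase(parsed)
    return (phase is not None and phase["type"] == "NAT"
            and phase["subtype"] == "rpf-check")


CMD_RE = re.compile(
    r"^packet-tracer input (?P<ifc>\S+) (?P<proto>tcp|udp) (?P<src>\S+) "
    r"(?P<sport>\S+) (?P<dst>\S+) (?P<dport>\S+)$"
)


def fix_destination(cmd, nat_static, ingress="outside"):
    """If a trace entered on `ingress` targets a real (private) address that
    has a static mapping, return the command rewritten with the mapped
    address; otherwise return None (nothing to change)."""
    m = CMD_RE.match(cmd.strip())
    if not m or m["ifc"] != ingress or m["dst"] not in nat_static:
        return None
    return (f"packet-tracer input {m['ifc']} {m['proto']} {m['src']} "
            f"{m['sport']} {nat_static[m['dst']]} {m['dport']}")


if __name__ == "__main__":
    bad = "packet-tracer input outside tcp 198.51.100.5 12345 10.1.1.10 ssh"
    parsed = parse_packet_tracer(SAMPLE_DROP)
    if is_nat_rpf_drop(parsed):
        print("dropped in NAT rpf-check:", parsed["drop_reason"])
        print("retry with:", fix_destination(bad, NAT_STATIC))
```

Paste the real output of your device into `parse_packet_tracer` and supply your own static NAT mappings in `NAT_STATIC`; if `is_nat_rpf_drop` is true and `fix_destination` returns a rewritten command, the drop is the address-choice problem described above rather than an access-control denial, which would show up as a DROP in an ACCESS-LIST phase instead.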

Cisco IOS, IOS-XR, and NX-OS comparison

Cisco IOS

  • The most common and longest-established Cisco operating system
  • Written in the C programming language
  • Monolithic image that does not support symmetric multiprocessing
  • All processes share a single memory space, so a fault in one process can take down the whole system
  • Cisco IOS-XE keeps the IOS feature set but runs it as a process (IOSd) on top of a Linux kernel

Cisco IOS-XR

  • Found on Cisco service provider routers (for example the ASR 9000, CRS and NCS families)
  • 64-bit architecture
  • Symmetric multiprocessing
  • Separate memory space per process, so a failing process is isolated from the rest of the system
  • Modular services that can be restarted or upgraded individually
  • Built on a Linux kernel (64-bit IOS-XR; the original 32-bit releases ran on the QNX microkernel)
  • CLI somewhat similar to Cisco IOS


Cisco NX-OS

  • Found on Cisco Nexus switches located in data centers
  • Feature-based model: features (and the licences some of them need) are disabled until explicitly enabled
  • All Ethernet interfaces are called Ethernet, regardless of speed. The FastEthernet, GigabitEthernet and TenGigabitEthernet interface naming conventions no longer exist
  • The default administrator account is admin. It is no longer possible to log in with just a password and no username
  • Supports checkpoint and rollback: a saved checkpoint can be compared with the running configuration and rolled back to, with the rollback run atomically, best-effort, or stopping at the first line that fails to apply
  • The EtherChannel (IOS) naming convention has been replaced by port-channel
  • Separate memory space per process
  • Symmetric multiprocessing
  • Built on a Linux kernel
  • Multiple high-availability features
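The NX-OS conventions listed above, shown together in one CLI session as an added illustration (not taken from the original page): enabling a feature before using it, the Ethernet and port-channel naming, and a checkpoint taken before a change so the change can be reviewed and rolled back. The hostname, checkpoint name and interface numbers are assumed.

```text
! Features are off until enabled; LACP is needed for an active port-channel.
switch(config)# feature lacp

! Take a checkpoint before changing anything so the change can be undone.
switch# checkpoint pre-po10
switch# show checkpoint summary

! Every port is Ethernet<slot>/<port> regardless of speed, and the
! aggregate is a port-channel, not an EtherChannel.
switch(config)# interface ethernet 1/1-2
switch(config-if-range)# channel-group 10 mode active
switch(config)# interface port-channel 10
switch(config-if)# description uplink-to-core

! Review exactly what a rollback would change, then roll back atomically
! (the whole patch is applied or nothing is).
switch# show diff rollback-patch checkpoint pre-po10 running-config
switch# rollback running-config checkpoint pre-po10 atomic
```

Taking the checkpoint first and reviewing the rollback patch before applying it is the practical use of the checkpoint and rollback feature: it turns an interactive change into a reversible one, which matters on a switch that also carries security boundaries such as VLAN assignments and ACLs.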