I recently implemented a couple of Cisco Firepower firewalls and have been using the packet-tracer feature to determine, for instance, which NAT rules were being used for certain traffic. Then, after troubleshooting an issue one day, we started receiving the message “ERROR: TRACER: NP failed tracing packet” when trying to run packet-tracer. This occurred from both the GUI (in Firepower Management Center) and the command line.
I started my usual trip searching the web for a post on how to fix my issue and found a bug from Cisco: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvi37889
The description listed the symptom as:
1. Packet tracer fails with message: “ERROR: TRACER: NP failed tracing packet”
2. Capture with trace fails to show any trace information for captured packets and displays the below message:
“WARNING: The tracer pool is exhausted. Capture with trace option will not be able to display the trace. Capture with type asp-drop will not be able to include all drop reasons. To recycle tracers back to the pool, please clear or unconfigure the above types of captures.”
This matched dead on to what I was seeing. Then I remembered from troubleshooting that we ran some packet captures, one of which was an asp drop capture. This capture was still enabled on the firewall and therefore was causing the packet-tracer to fail. A simple “show capture” on the firewall will check if any are running.
My command line log looked like this:
    show capture
    capture asp type asp-drop all circular-buffer [Capturing - 523517 bytes]
    capture eigrp1 type raw-data [Capturing - 0 bytes]
      match ip host 192.168.1.6 any
    no capture eigrp1
    no capture asp
Cisco officially lists one of the conditions as:
1. asp drop or interface captures applied with trace keyword.
2. the captures could have been applied in the past and the tracer pool will be exhausted over a period of time.
So I knew the fact that I had the asp drop capture running was my issue. Luckily, when I stopped it, my issue was resolved. As the bug mentions though, if that did not fix it, you’re looking at a reload of the firewall.
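As an added example (not part of the original post and not Cisco tooling), this Python script parses saved “show capture” output and lists the captures that match the conditions from the bug, type asp-drop or the trace keyword, together with the “no capture” commands that remove them. The capin sample line and the assumption that the trace keyword appears on the capture line are mine, not from the post.

```python
import re

# Constructed sample in the format of the "show capture" output shown above.
# The "capin" line (a capture with the trace keyword) is an assumed example.
SAMPLE = """\
capture asp type asp-drop all circular-buffer [Capturing - 523517 bytes]
capture eigrp1 type raw-data [Capturing - 0 bytes]
  match ip host 192.168.1.6 any
capture capin type raw-data trace interface inside [Capturing - 0 bytes]
  match ip host 192.168.1.6 any
"""

# name, type, free-form options, then the optional [state] suffix
CAPTURE_RE = re.compile(
    r"^capture\s+(?P<name>\S+)\s+type\s+(?P<type>\S+)(?P<opts>[^\[]*)"
    r"(?:\[(?P<state>[^\]]*)\])?"
)

def parse_captures(text):
    """Return one dict per 'capture ...' line; match/filter lines are skipped."""
    captures = []
    for line in text.splitlines():
        m = CAPTURE_RE.match(line.strip())
        if not m:
            continue  # prompts, 'match ...' lines, 'no capture ...' lines
        captures.append({
            "name": m.group("name"),
            "type": m.group("type"),
            "trace": "trace" in m.group("opts").split(),
            "state": (m.group("state") or "").strip(),
        })
    return captures

def tracer_consumers(captures):
    """Captures that draw from the tracer pool: asp-drop type or trace keyword."""
    return [c for c in captures if c["type"] == "asp-drop" or c["trace"]]

def cleanup_commands(text):
    """Commands that remove every tracer-consuming capture found in text."""
    return [f"no capture {c['name']}" for c in tracer_consumers(parse_captures(text))]

if __name__ == "__main__":
    for c in parse_captures(SAMPLE):
        flag = "USES TRACERS" if tracer_consumers([c]) else "ok"
        print(f"{c['name']:<8} {c['type']:<9} {c['state']:<26} {flag}")
    print("\n".join(cleanup_commands(SAMPLE)))
```

Running it against a nightly collection of “show capture” output is a cheap way to catch a forgotten asp-drop capture before packet-tracer starts failing.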
If you are facing this issue, good luck, and hopefully clearing any running captures helps!