Hi team,

We have just upgraded our ASA 5525-X firewalls to mitigate the IKEv2 bug that has just bitten this platform. The TAC supplied image was 9.14(4)24. As soon as the firewalls came back into service we noticed we were getting odd SNMP polling results. For example only seeing the status of 65 site to site VPN tunnels instead of the usual list in excess of 100 (we use OID  1.3.6.1.4.1.9.9.171.1.2.3.1.7 for this). As time has gone on (1 day) we are now seeing the firewall stop responding to SNMP polling completely. A capture shows the get-requests hitting the firewall but no get-responses. It feels like a bug but any bugs I have found on the Cisco web site are reluctant to provide any details that will confirm my suspicions and advise what is needed to remedy the situation. Very hard to make sure all services are operating correctly when the firewall keeps turning out the lights.

Has anyone found and solved this problem or got a suggestion that could point us in the right direction please?

Thanks