Can't Remove Remote Access VPN on FTD 1120 using FDM

vtxchris
Level 1

I configured a remote access VPN on my FTD 1120 using the Firepower Device Manager but it's not working - at first we could get connected but not browse any network resources, so we backed out of our changes and put it on hold. Now I've come back to it and find that I can't even get logged in, so I decided to just delete the VPN and start over. Unfortunately it seems I'm not able to delete it. I have just one connection profile and 2 group policies (one default and one I created), as below:

[Screenshot: 06-23 RAVPN policies.png]

I deleted the connection profile and the policy I created, but when I push the changes I get the following error:

[Screenshot: 06-23 VPN error.png]


I'm not sure how to proceed here, and I'm not sure why I would need a NAT config statement for a VPN that I'm trying to delete. Any suggestions? Ideally I'd like to get the VPN working, but I think it might just be easier to delete it and start from scratch.

3 Replies

Hi,
Your initial issue, why you could not access any network resources, is possibly indicated in your screenshot. I assume the group in use "NGFW-Remote-Access-VPN" represents your RAVPN IP Pool; if so, that is incorrect.

The source interface would be inside and the source network should represent the internal networks, the destination is outside and the destination networks should represent the RAVPN IP Pool.

Example here:

nat (INSIDE,OUTSIDE) source static INTERNAL-NET INTERNAL-NET destination static NGFW-Remote-Access-VPN NGFW-Remote-Access-VPN no-proxy-arp

Re-create the NAT rule, push the policy and try again. If it fails, provide the output of "show nat detail".

HTH
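A small checker for the direction and identity of that exemption rule, added here as an example (not Rob's or Cisco's code): it parses manual NAT lines in the running-config form shown above and flags the pool-as-source mistake the reply suspects, a rule that is not identity NAT, or a missing no-proxy-arp. The interface and object names are the ones from this thread; the sample config lines are constructed.

```python
import re

# Manual (twice) NAT line in ASA/FTD running-config syntax, the form used in the reply.
NAT_RE = re.compile(
    r"^nat \((?P<src_if>[^,]+),(?P<dst_if>[^)]+)\)\s+"
    r"source static (?P<src_real>\S+) (?P<src_mapped>\S+)\s+"
    r"destination static (?P<dst_real>\S+) (?P<dst_mapped>\S+)(?P<opts>.*)$"
)

def parse_nat_line(line):
    """Parse one manual static NAT line into a dict, or None if it is not one."""
    m = NAT_RE.match(line.strip())
    return None if m is None else {**m.groupdict(), "opts": m.group("opts").split()}

def classify_rule(rule, inside_if, outside_if, internal_net, vpn_pool):
    """'ok' for a correct RAVPN exemption, a finding string for a broken one,
    None when the rule does not reference the VPN pool at all."""
    if vpn_pool not in (rule["src_real"], rule["dst_real"]):
        return None
    if rule["src_real"] == vpn_pool:
        return ("pool used as source on %s; expected source %s on %s, destination %s on %s"
                % (rule["src_if"], internal_net, inside_if, vpn_pool, outside_if))
    if (rule["src_if"], rule["dst_if"]) != (inside_if, outside_if):
        return "wrong interface pair (%s,%s)" % (rule["src_if"], rule["dst_if"])
    if rule["src_real"] != rule["src_mapped"] or rule["dst_real"] != rule["dst_mapped"]:
        return "not identity NAT: real and mapped objects differ, so VPN traffic gets translated"
    if "no-proxy-arp" not in rule["opts"]:
        return "missing no-proxy-arp (present in the recommended rule)"
    return "ok"

def check_ravpn_exemption(config_lines, inside_if, outside_if, internal_net, vpn_pool):
    """Scan config lines for the RAVPN exemption. Returns (found_ok, findings)."""
    findings = []
    for line in config_lines:
        rule = parse_nat_line(line)
        if rule is None:
            continue
        verdict = classify_rule(rule, inside_if, outside_if, internal_net, vpn_pool)
        if verdict == "ok":
            return True, []
        if verdict is not None:
            findings.append(verdict)
    return False, findings or ["no NAT rule references %s" % vpn_pool]

# Constructed samples: the inverted rule the reply suspects, and the corrected one.
INVERTED = ["nat (INSIDE,OUTSIDE) source static NGFW-Remote-Access-VPN NGFW-Remote-Access-VPN "
            "destination static INTERNAL-NET INTERNAL-NET no-proxy-arp"]
CORRECT = ["nat (INSIDE,OUTSIDE) source static INTERNAL-NET INTERNAL-NET "
           "destination static NGFW-Remote-Access-VPN NGFW-Remote-Access-VPN no-proxy-arp"]

if __name__ == "__main__":
    for name, cfg in (("inverted", INVERTED), ("correct", CORRECT)):
        print(name, check_ravpn_exemption(cfg, "INSIDE", "OUTSIDE", "INTERNAL-NET", "NGFW-Remote-Access-VPN"))
```

Feed it the lines of "show running-config nat"; the tabular output of "show nat detail" is a different format and is not parsed here.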

Thanks for the answer, Rob. I'd love to troubleshoot, but the main problem that I didn't mention above is that something has happened and I can't even log into the VPN anymore. We haven't set up AAA or anything yet, we're just working off a local user account. I set up a test RA-VPN account, and while it originally let us log in a few weeks ago, now I'm just getting a login failed message. I've tried resetting the password and creating a second account, but I can't get logged in. That's what prompted me to think blowing away the connection profile and starting fresh might be the best step, which is when I hit the roadblock above. Any suggestions?


Chris

It's hard to say what you may have done to get that error. If the appliance is not supporting production traffic you are probably better off just resetting it to factory default and then reconfigure from scratch.
