Cisco FTD 2130 - drops all VTIs tunnel to different remote sites.

alonso2352 · ‎02-08-2024

Hi guys, I have this issue for a long time now. We have two pair of FTDs in HA in two different DCs. We have VTIs setup in both HA pairs going to each remote site. This case have been with Cisco TAC for a long time and we still not get to the real problem. What could cause all BGP neightbors to reset at the same time. I'm thinking a hardware problem or BGP table just flaps randomly. I'm happy to share any outputs or config. Also two of the VTIs are going to Azure.

tvotna · ‎02-09-2024

To say something we at least need topology diagram, configuration fragment with BGP and tunnel interfaces in place (replace all public IPs there with something like 192.0.2.x or x.1.2.3) and syslog from the time of the flap to understand whether BGP flaps on its own or IPSec tunnel flap brings down BGP.

Marius Gunnerud · ‎02-10-2024

We would need more information on how your VTI and BGP is setup, and preferably provide the configuration for review.

The times when I have seen similar issues is when BGP is advertising the public interface IP to the remote side over the VTI tunnel. So, be sure that you are filtering out the public IP from being advertised via BGP.

--
Please remember to select a correct answer and rate helpful posts

MHM Cisco World · ‎02-11-2024

The VTI tunnel is down when and only when the tunnel source is down and/or tunnel destination is not reachable.

Your case maybe related to routing issue' that the tunnel destination reachable via tunnel itself (via bgp)

So check prefix learn from bgp and tunnel destination' there is overlapping in supernet ?

MHM