Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1560
Views
0
Helpful
1
Replies

Firepower 2100 - Re-registering with FMC

Patrick0711
Level 3
Level 3

‎04-13-2018 10:20 PM - edited ‎02-21-2020 07:38 AM

I have a Firepower 2110 that I've registered to a FMC.  I configure interfaces, push platform settings, access-control policies, etc, through the FMC. 

 

I then break the SFtunnel communication by installing a new security pack version from the FXOS CLI.  Upon re-imaging of the device, I attempt to re-register it with the same FMC using the same Regkey and NAT ID.  The FMC will never re-establish communication with the device and the registration status shows up as pending:

 

> show managers

Host                      : xxx

Registration Key          : ****

Registration              : pending

RPC Status                :

 

> sftunnel-status

 

SFTUNNEL Start Time: Thu Apr  5 19:23:59 2018

 

        Both IPv4 and IPv6 connectivity is supported

        Broadcast count = 0

        Reserved SSL connections: 0

        Management Interfaces: 1

        management0 (control events) x.x.x.x,

 

***********************

 

**RPC STATUS****889547*************

Caught Simple Exception: RPC Request failedCheck routes:

 

**Note - I do have NAT between the FTD and FMC and I'm using DONTRESOLVE on the FTD.  

 

The only way I'm able to re-establish communication is by deleting the device from FMC and re-adding it.  I've tried restarting the sftunnel on both the FTD and FMC using ‘sudo manage_procs.pl’ with no success.

 

Unfortunately, deleting and re-adding the device on the FMC also deletes the interface and route configurations.

 

Is there a way that I can force the FMC to re-establish the SFtunnel and begin communicating with the FTD without deleting and re-adding the device?

 

Thanks,

Patrick

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-14-2018 09:26 PM

That's an interesting question. As far as I know there's no publicly-documented way to do what you're asking. However, I strongly suspect if you open a TAC case they may have a method to use.

 

Please let us know if you're able to open a case and, if so, what the TAC recommends.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card