I have a Firepower 2110 that I've registered to an FMC. I configure interfaces, push platform settings, access-control policies, etc., through the FMC.
I then break the SFtunnel communication by installing a new security pack version from the FXOS CLI. Upon re-imaging of the device, I attempt to re-register it with the same FMC using the same Regkey and NAT ID. The FMC will never re-establish communication with the device and the registration status shows up as pending:
> show managers
Host : xxx
Registration Key : ****
Registration : pending
RPC Status :
> sftunnel-status
SFTUNNEL Start Time: Thu Apr 5 19:23:59 2018
Both IPv4 and IPv6 connectivity is supported
Broadcast count = 0
Reserved SSL connections: 0
Management Interfaces: 1
management0 (control events) x.x.x.x,
***********************
**RPC STATUS****889547*************
Caught Simple Exception: RPC Request failedCheck routes:
**Note - I do have NAT between the FTD and FMC and I'm using DONTRESOLVE on the FTD.
The only way I'm able to re-establish communication is by deleting the device from the FMC and re-adding it. I've tried restarting the sftunnel on both the FTD and FMC using 'sudo manage_procs.pl' with no success.
Unfortunately, deleting and re-adding the device on the FMC also deletes the interface and route configurations.
Is there a way that I can force the FMC to re-establish the SFtunnel and begin communicating with the FTD without deleting and re-adding the device?
Thanks,
Patrick
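As an added example that is not part of the original post or of any Cisco tooling, the script below parses `show managers` and `sftunnel-status` output of the shape quoted above and classifies the registration state, so the "pending plus RPC failure" condition described in the post can be spotted from a saved CLI capture rather than by eye. The sample text is constructed to mirror the post's output; the assumption that a healthy device reports `Registration : Completed` is mine.

```python
"""Classify an FTD's FMC registration state from saved CLI output.

Added example: parses the two commands quoted in the post (`show managers`
and `sftunnel-status`) and flags a registration that is stuck in 'pending'
while the sftunnel's RPC request is failing.
"""
import re

# Constructed sample: shaped like the `show managers` output in the post.
SHOW_MANAGERS_SAMPLE = """\
Host : xxx
Registration Key : ****
Registration : pending
RPC Status :
"""

# Constructed sample: shaped like the `sftunnel-status` output in the post.
SFTUNNEL_STATUS_SAMPLE = """\
SFTUNNEL Start Time: Thu Apr 5 19:23:59 2018
Both IPv4 and IPv6 connectivity is supported
Broadcast count = 0
Reserved SSL connections: 0
Management Interfaces: 1
management0 (control events) x.x.x.x,
***********************
**RPC STATUS****889547*************
Caught Simple Exception: RPC Request failedCheck routes:
"""


def parse_show_managers(text):
    """Return the 'Field : value' pairs of `show managers` as a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def parse_sftunnel_status(text):
    """Pull the management-interface count and any RPC exception out of
    `sftunnel-status` output."""
    info = {"mgmt_interfaces": 0, "rpc_failed": False, "exception": None}
    for line in text.splitlines():
        m = re.match(r"Management Interfaces:\s*(\d+)", line)
        if m:
            info["mgmt_interfaces"] = int(m.group(1))
        m = re.match(r"Caught Simple Exception:\s*(.*)", line)
        if m:
            info["exception"] = m.group(1).strip()
        if "RPC Request failed" in line:
            info["rpc_failed"] = True
    return info


def diagnose(show_managers_text, sftunnel_text):
    """Return one of: 'healthy', 'pending', 'stuck-pending-rpc-failed',
    'unknown'.

    Assumption (not from the post): a successfully registered device shows
    'Registration : Completed' and no RPC exception in sftunnel-status.
    """
    managers = parse_show_managers(show_managers_text)
    tunnel = parse_sftunnel_status(sftunnel_text)
    registration = managers.get("Registration", "").lower()
    if registration == "completed" and not tunnel["rpc_failed"]:
        return "healthy"
    if registration == "pending" and tunnel["rpc_failed"]:
        # The state described in the post: FMC never completes registration
        # and the tunnel's RPC request keeps failing.
        return "stuck-pending-rpc-failed"
    if registration == "pending":
        return "pending"
    return "unknown"


if __name__ == "__main__":
    print(diagnose(SHOW_MANAGERS_SAMPLE, SFTUNNEL_STATUS_SAMPLE))
```

Feed it the text of the two commands captured from the FTD CLI; a result of `stuck-pending-rpc-failed` together with a non-zero management interface count points at the tunnel/RPC path (NAT, routing, stale registration on the FMC side) rather than at a missing management interface.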