Firepower 6.4 Disconnects All Users when Configuring NAT Rules

aswit
Level 1

We are running a Firepower 1120 Security Appliance running the latest recommended software FDM 6.4.0.4.


Whenever we make a change to any of the NAT policies and deploy the change, it seems to delete all the NAT rules and re-add them instead of just changing the one we want. This has the adverse effect of disconnecting our socket connections on our Site-to-Site VPN connections, because the NAT doesn't exist for a second. The same problem also seems to happen when we make a change to any of the VPN profiles. The only messages I see on the console are:

User 'enable_1' executed the 'no crypto map s2sCryptoMap interface outside' command.

and then, after that:

User 'enable_1' executed the 'crypto map s2sCryptoMap interface outside' command.

The problem there is that all of our VPN connections use the outside interface, so they all get disconnected!
 
Has anyone else noticed these problems?
1 Reply
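The two console messages quoted in the post above were spotted by eye. As an added example (not from the original post and not Cisco's code), here is a small Python parser that walks a syslog export, pairs each 'no crypto map X interface Y' with the matching re-apply of the same map, and reports how long the tunnels on each interface were torn down and whether any map was never put back. The sample log lines, the timestamps, the hostname 'fw1', the 'show' and 'clear' lines and the 'dmzCryptoMap' entry are constructed for this example; only the wording of the two crypto map messages follows the lines quoted in the post.

```python
import re
from datetime import datetime

# Constructed sample syslog excerpt (not from the original post). The two crypto map
# messages copy the wording quoted in the thread; the timestamps, hostname, the
# 'show'/'clear' lines and the dmz map are invented to exercise the parser.
SAMPLE_LOG = """\
2019-10-08 14:02:10 fw1 User 'enable_1' executed the 'show running-config' command.
2019-10-08 14:02:11 fw1 User 'enable_1' executed the 'no crypto map s2sCryptoMap interface outside' command.
2019-10-08 14:02:11 fw1 User 'enable_1' executed the 'no crypto map dmzCryptoMap interface dmz' command.
2019-10-08 14:02:13 fw1 User 'enable_1' executed the 'crypto map s2sCryptoMap interface outside' command.
2019-10-08 14:02:14 fw1 User 'enable_1' executed the 'clear configure nat' command.
"""

TS_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
UNBIND_RE = re.compile(r"executed the 'no crypto map (?P<map>\S+) interface (?P<iface>\S+)' command")
BIND_RE = re.compile(r"executed the 'crypto map (?P<map>\S+) interface (?P<iface>\S+)' command")


def find_crypto_map_gaps(lines):
    """Pair each 'no crypto map X interface Y' with the next 'crypto map X interface Y'.

    Returns one dict per unbind with map, interface, start, end and seconds.
    end/seconds are None when the map was never re-applied, i.e. the tunnels on
    that interface are still down at the end of the log.
    """
    pending = {}   # (map, interface) -> datetime of the unbind
    gaps = []
    for line in lines:
        ts_match = TS_RE.match(line)
        if not ts_match:
            continue
        ts = datetime.strptime(ts_match.group("ts"), "%Y-%m-%d %H:%M:%S")
        unbind = UNBIND_RE.search(line)
        if unbind:
            pending[(unbind["map"], unbind["iface"])] = ts
            continue
        bind = BIND_RE.search(line)
        if bind:
            key = (bind["map"], bind["iface"])
            start = pending.pop(key, None)
            if start is not None:
                gaps.append({"map": key[0], "interface": key[1], "start": start,
                             "end": ts, "seconds": (ts - start).total_seconds()})
    # Anything still pending was removed from its interface and never put back.
    for (cmap, iface), start in pending.items():
        gaps.append({"map": cmap, "interface": iface, "start": start,
                     "end": None, "seconds": None})
    return gaps


def affected_interfaces(gaps):
    """Interfaces whose crypto map was unbound at least once during the deploy."""
    return sorted({g["interface"] for g in gaps})


def describe(gaps):
    """One human-readable line per gap, flagging maps that were never re-applied."""
    out = []
    for g in gaps:
        if g["end"] is None:
            out.append(f"{g['map']} on {g['interface']}: removed at {g['start']:%H:%M:%S} and NOT re-applied")
        else:
            out.append(f"{g['map']} on {g['interface']}: tunnels down for {g['seconds']:.0f}s")
    return out


if __name__ == "__main__":
    for line in describe(find_crypto_map_gaps(SAMPLE_LOG.splitlines())):
        print(line)
```

Run it against a real syslog export from the appliance (one message per line, timestamp first) to see exactly which interfaces lose their crypto map on each deploy and for how long; a map that shows up as "NOT re-applied" is the case worth paging on, since the tunnels on that interface stay down after the deploy finishes.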

aswit
Level 1

Well, I just got a response from our Cisco technician, who has been helping us with another Firepower issue, saying that this is "normal behavior".


So, public service announcement for anyone thinking about purchasing a Firepower security appliance: if you change any of the rules, it disconnects everyone using the device.


I have to say I've never heard of a firewall where you can't change a NAT rule without affecting everyone else...
