03-07-2021 10:46 PM
Hello!
Firepower: v6.5
I faced a situation where VPN connections were deleted on FMC, but they remained on FTD.
crypto map CSM_outside_main_map 2 set peer XXX.175.186.85
crypto map CSM_outside_main_map 2 set ikev2 ipsec-proposal CSM_IP_1
crypto map CSM_outside_main_map 2 set reverse-route
crypto map CSM_OUTSIDE-BACKUP_map 2 set pfs
crypto map CSM_OUTSIDE-BACKUP_map 2 set peer XXX.175.186.85 XXX.214.6.133
crypto map CSM_OUTSIDE-BACKUP_map 2 set ikev2 ipsec-proposal CSM_IP_2
crypto map CSM_OUTSIDE-BACKUP_map 2 set reverse-route
...
Any ideas on how to remove them?
03-07-2021 11:08 PM
I've seen artifacts like this on occasion. At one point there was a bug ID tracking it, but then it was supposed to have been resolved. More recently I had the opposite (with FDM) - the site-to-site VPNs were present in the FDM GUI (with no deploy pending) but there were no crypto map sequences in the running-config.
What versions are you running (FMC and FTD)?
03-07-2021 11:36 PM
FMC - 6.5.0.4
FTD - 6.5.0
03-08-2021 06:16 AM
03-10-2021 04:30 AM
It definitely looks like a bug. I'd recommend opening a TAC case for confirmation and a possible workaround.