Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2632
Views
8
Helpful
20
Replies

FMC displays working IKEv2 tunnel DOWN

Go to solution
swscco001
Level 3
Level 3

‎12-13-2023 12:55 AM - edited ‎12-13-2023 12:56 AM

Hello everybody,

our customer is using FMCv 7.2.5.1 and (two) Firepower 1120 (7.0.0.1)
for their S2S tunnels (see screen dump).

We changed a IKEv1 to IKEv2 tunnel (peer-IP 217.6.229.234).

In the VPN > Site To Site overview this working tunnel was displayed as
DOWN (see screen dump).

In the VPN > Site To Site Monitoring the tunnel is correctly displayed
as UP witn active sessions (see screen dump).

In the VPN > Site To Site there is no error message for this tunnel
(see screen dump).

What is the reason for this wrong indication in the Site To Site overview.
The customer feels unsave at such indication because there is a hospital
connected.

This seems to be a general issue becasue other working tunnels were
indicated ar orange.

Thanks a lot for every hint.



Bye
Rene

1 person had this problem
Preview file
207 KB
Preview file
142 KB
Preview file
137 KB
Preview file
94 KB
20 Replies 20

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Danny Dulin

‎11-01-2024 10:53 AM

Yes, the tunnels were up and passing traffic as designed. Just the FMC dashboard GUI was showing otherwise.

Go to solution
Danny Dulin
Level 1
Level 1
In response to Danny Dulin

‎11-01-2024 10:57 AM

One more question. Is it the deploy in general or deploying a change to the VPN Topology that triggers?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Danny Dulin

‎11-01-2024 11:16 AM - edited ‎11-01-2024 11:17 AM

The deploy had to affect the S2S VPN that is giving issues.

I checked the TAC case notes. We hit one of these bugs, the work-around in the first one fixed the issue:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf01954

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd61082

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf86519

 

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Danny Dulin

‎11-05-2024 06:43 AM

Yes- that was the second one I had listed. Unfortunately some of these fixed releases only fix the bug if they are fresh installs. Upgrades from earlier versions may sometimes retain the bug behavior (in my experience) or require some "under the covers" manipulation of files to clear the bug completely.

FWIW my customer has not seen a recurrence since we fixed the problem for them early this year. They are now on 7.6

0 Helpful

Go to solution
Danny Dulin
Level 1
Level 1

‎11-01-2024 10:54 AM

Thank you. Very Helpful.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card