07-03-2022 07:12 PM
Hi all,
Recently my company has acquired a few Firepower 1120 security appliances and a Firepower management VM for use at our various branch offices.
I am trying to configure a route-based site-to-site IPsec tunnel between a pair of them within the FMC and am having no luck.
The problem is that when attempting to save the VPN configuration, I am given the following error:
"Both peers have different tunnel source IP versions configured for
their interfaces.
One peer has been configured with an IPv4 tunnel source and the
other peer has been configured with an IPv6 tunnel source.
Select both interfaces so that the IP versions of the tunnel source
interfaces match on both peers."
I'm not sure what the cause of this error is, as it's clear that both tunnel source interfaces have been assigned an IPv4 address.
A couple of things to note:
Both firewalls are assigned a static address via DHCP
The remote firewall is managed remotely via the outside interface. Not sure if this is a possible issue since I've noticed that I cannot select the outside interface as a source for the VTI unless FMC management is temporarily disabled
IPv6 is disabled on the outside interface of both firewalls
Pretty new to these so apologies for any ignorance. Not sure if I've just missed something obvious or there is something else going on.
Regards
Dan
07-03-2022 07:57 PM
Check the IP you get from the SP via DHCP: is it IPv6 or IPv4?
07-03-2022 08:14 PM
Hi,
Both firewalls have received an IPv4 address and IPv6 is disabled on both outside interfaces.
Regards
07-04-2022 12:05 AM - edited 07-05-2022 05:30 AM
Is the configured IP on the device that is sending with a source of IPv6 a private IPv4 address? It might be that the ISP is NATing you to an IPv6 address.
07-04-2022 12:26 AM
Hi all,
I have spoken to Cisco TAC support and it turns out this may be a bug:
https://bst.cisco.com/bugsearch/bug/CSCwb87279
Turns out the FMC/FTDs do not support dynamic VTIs, so I will look at changing these over to static addresses and then see how I go.
Thanks for all the responses.
07-04-2022 08:07 AM
Thanks for sharing the bug details. That's good to know even though it doesn't resolve the issue.