05-11-2018 03:24 AM - edited 02-21-2020 07:45 AM
Our FMC keeps throwing in the same VPN status event: "VPN tunnel between FWA/peerip/subnetX and FWB/peerip/subnetY is inactive due to Deleted backup session"
Firstly, any idea what a backup session refers to? If it's a VPN SA, well, I've checked the firewalls and the VPN SA for these subnets is OK on each side. Traffic is being encrypted/decrypted, SPIs match. I have no inactive SAs on the FTDs. So why does FMC keep reporting this?
Secondly, since it's the same message every 2-3 mins, including the subnets in question, shouldn't the Health Events Value column count increment rather than generating a new message?
12-12-2024 10:02 AM - edited 12-13-2024 05:56 AM
Hi,
I am currently using FTDs 1120 running code 7.2.7. Tonight I will upgrade to 7.2.9. That error message has been continuous for some time, but the VPN is working fine.
I will let you know what happens after upgrade.
12-13-2024 06:01 AM
I upgraded the devices yesterday, and also the FMC, to 7.2.9.
The error message persists.
I cleared the tunnel in both phases.
I checked the queries in the FMC expert mode and deleted the critical alert, but less than a minute later it reappeared.
OmniQuery.pl -db mdb -e "select status,category,hex(uuid) from notification where status=12;"
************ Applying dynamic update files ************
Dynamic update files directory: /usr/local/sf/etc/dynamic_db_updates
Applying file remove_ref_check_rna_ip_os_map.yaml.
Status: Success.
Applying file rule-comments.yaml.
Status: Success.
************ Applying dynamic update files finished ************
+--------+------------------------------------------------------+----------------------------------+
| status | category | hex(uuid) |
+--------+------------------------------------------------------+----------------------------------+
| 12 | health:category.5bbe3968-1334-4a0b-9e01-b91833537890 | 8EA78010B64D31D089D9E3B9D1878D80 |
+--------+------------------------------------------------------+----------------------------------+
1 row in set (0.000339 seconds)
OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex("8EA78010B64D31D089D9E3B9D1878D80");'
The VPN is working fine but the message is still there.
Also a failover was already executed.
01-24-2025 02:27 AM
Same issue here. Very annoying. The IPsec tunnel works fine, but keeps sending these messages (4110's running FTD v7.2.8).
VPN Tunnel between XXX/outside/X.X.X.X/X.X.X.X and Extranet Device/X.X.X.X/X.X.X.X is inactive due to Deleted backup session.
01-24-2025 02:30 AM - edited 01-24-2025 02:33 AM
Topic has over 5000 views and 24 people reported they got the same issue.
Did anyone solve this? Involving TAC for this will take weeks or even months.
03-11-2025 03:37 AM - edited 03-11-2025 03:38 AM
After many sessions with Cisco support they could not present a solution other than removing Health checks completely, which would stop us from monitoring our IPSec tunnels.... so we said no to that "fix".
Finally, after almost 2 months, Cisco TAC presented the solution: upgrading FMCv to the 7.4.x branch. You don't need to upgrade FTDs, only FMC. The only solution for this issue is to upgrade to 7.4.x or later.
03-13-2025 07:15 AM
Thanks for the update! Do you know if there is an official Cisco bug related to this issue that I can look up?
03-13-2025 07:50 AM
Here's an excerpt from the TAC case I had opened on this topic. Whether the bug was affecting us, or it was simply the issue with the shun, or both, I don't know. What I do know is that clearing the shun fixed this issue for me and we haven't seen it since. Hope this helps.
We might be facing the following bug: Site-to-Site VPN tunnel status on FMC shows down even though it is UP from the FTD side. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh17576 Although the current version does not match the one listed on the bug, it is known that other versions are also affected.