Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
286
Views
0
Helpful
2
Replies

FPR 1010 Error while Upgrading

SouthernNetwork
Level 1
Level 1

‎01-29-2024 07:26 AM - edited ‎01-29-2024 07:27 AM

We are currently replacing our ASA with a Firepower 1010. When configuring the VPN we ran into an issue using a 3rd party certificate when trying to authorize SAML SSO with Azure. TAC suggested we update from 7.2 to 7.3. When updating the device we get roughly 35% complete until we hit failure and rollback with the error: 

Network objects used in static route can't have the same IP as the IP of the interface used in the route...

The working ASA static route was: 

route outside 0.0.0.0 0.0.0.0 10.12.140.1 1
route inside 10.0.0.0 255.0.0.0 10.12.141.1 1
route inside 10.50.128.0 255.255.128.0 10.12.141.1 1
route inside 172.16.0.0 255.240.0.0 10.12.141.1 1
route inside 192.168.0.0 255.255.0.0 10.12.141.1 1

The currently configured static route on the FPR is: 

S* 0.0.0.0 0.0.0.0 [1/0] via 10.12.140.1, outside
S 10.0.0.0 255.0.0.0 [1/0] via 10.12.141.1, inside
C 10.12.140.0 255.255.255.0 is directly connected, outside
L 10.12.140.150 255.255.255.255 is directly connected, outside
C 10.12.141.0 255.255.255.0 is directly connected, inside
L 10.12.141.3 255.255.255.255 is directly connected, inside
S 10.50.128.0 255.255.128.0 [1/0] via 10.12.141.1, inside
S 172.16.0.0 255.240.0.0 [1/0] via 10.12.141.1, inside
S 192.168.0.0 255.255.0.0 [1/0] via 10.12.141.1, inside

We have a NAT pointing to 10.12.140.150 (Eth1/1 outside interface). 

Eth1/2 (our inside interface) holds 10.12.141.3 and hands out addresses to active VPN connections within its /24 subnet. 

I would appreciate any suggestions. (Really hoping I don't have to assign the outside interface a different IP because it involves waiting for our educational ISP to configure the NAT).

-Andrew

0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎01-29-2024 07:40 AM

 

              - FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd90846

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Aref Alsouqi
VIP
VIP

‎01-29-2024 08:51 AM

"Network objects used in static route can't have the same IP as the IP of the interface used in the route..."

Is that the error you get when you try to upgrade?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card