FTD VPN : inactive due to Peer Address Changed.

engchheang · ‎08-16-2022

Hello all,

I have got an error like this : Site A - VPN Tunnel between FW/OUT/x.x.x.x/0.0.0.0 and Extranet Device/x.x.x.x/LAN-B is inactive due to Peer Address Changed.

but the connection VPN is up as normal!

Have you ever meet this issue please help to share your solution!!

Thanks in advanced

Jitendra Kumar · ‎08-16-2022

Check below Bug..

https://quickview.cloudapps.cisco.com/quickview/bug/CSCuz89989

Thanks,
Jitendra

engchheang · ‎08-16-2022

Jitendra,

Can you detail solution for me ?

Jitendra Kumar · ‎08-17-2022

If you are in the same affected release you have to upgrade.

Product (1 of 1)

Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases (1 of 1)

9.0

Known Fixed Releases (3 of 3)

9.7.1

9.6.3

9.4.4

Thanks,
Jitendra

engchheang · ‎08-17-2022

I'm using Firepower 2120 not ASA.

Jitendra Kumar · ‎08-17-2022

can you share IPsec config details from both side?

Thanks,
Jitendra

engchheang · ‎08-18-2022

Sorry i can't, but the configuration is the same as standard IPsec VPN.

MHM Cisco World · ‎08-17-2022

you must config FTD side with dynamic Crypto map, this make the FTD listen to new IPsec Peer IP.

engchheang · ‎08-18-2022

Hi MHM,

Is there other solution beside this solution ?

MHM Cisco World · ‎08-18-2022

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html
config the FW with FQDN Peer instead of IP, example above give you some point how you config it.