Re: FTDv outside interface problem

dyakovsky · ‎03-25-2023

I have a problem with my FTDv 7.3.1 on ESXi. When I start uploading a large file over L2L VPN using SCP or SFTP between the server and the remote host, after a while the outside FTDv subinterface becomes unavailable and IPSec is aborted. After a few minutes, the subinterface becomes available. I tried it many times and always I got this problem.
I tried restarting FTDv and the problem was fixed after that, but I don't know if it will come back again.
What can I do to find the cause and fix it?

MHM Cisco World · ‎03-25-2023

are you use any IP SLA ??
the icmp can drop before interface congestion and this make the interface UP/DOWN

dyakovsky · ‎03-25-2023

No, I didn't set up an IP SLA. I have another FTDv in the same version. And it doesn't have that problem.

MHM Cisco World · ‎03-26-2023

check if there is any fragment that lead to high CPU utilize and this make some control packet drop and make the link flapping

dyakovsky · ‎03-26-2023

Thanks for advice. Right now FTD is working well, I can't reproduce this issue, but I'll keep an eye on it.