11-23-2021 05:19 AM
Hello,
I have updated FMC and FTD to version 7.0.1 (build 84), and since then I have noticed that when creating a VTI tunnel, the tunnel source does not offer all available interfaces. For example, in one of the cases I want to select the outside interface, but it only shows the inside interface. In another case there are two outside interfaces, but it only shows one. I was reading the documentation but did not find anything referring to this particular issue. I need to mention that I tried to delete and create a new tunnel. The interfaces were previously created and are up and running.
Has anyone else faced this problem? Is it because I am trying to use the outside interface, which works as mgmt as well?
Here is the issue, not able to select proper interface
Devices, Add VPN, Firepower threat defense Device, edit VTI...
11-25-2021 01:11 AM
UPDATE
After testing, everything pointed to a bug. That said, I have reported it directly to Cisco, where we could confirm my suspicion. So folks, as of today, 25/11/2021, be a bit careful updating your FMC version to 7.0.x, since it was confirmed by Cisco that it is a bug and there is no workaround as of today.
"When the FTD is registered with management-data-interface on FMC 7.0 and we try to configure VTI, we don't see the "FMC access" data interface as an option for tunnel source.
On FMC 6.7.0.x we do see the option for data interfaces configured as "FMC access - Enable management on this interface for the Firepower Management Center" when we try to create a VTI tunnel source.
When we upgrade FMC from 6.7.0.x to 7.0 we can see the VTI with the FMC access port as tunnel source but cannot create a new one on FMC 7.0."
11-23-2021 06:08 AM - edited 11-24-2021 08:47 AM
Another similar case: when I open the tunnel source on an existing deployment, it shows 3 interfaces initially; however, if I click inside, then the outside interface disappears... it literally goes out of the menu, and it is not possible at all to find it again. Yes, I did scroll up/down, etc. In other cases, clicking on the tunnel source does not even show the desired interfaces. It seems like we have a bug here.