Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
0
Helpful
7
Replies

ASA - VTI int. not showing when trying to add route, is CLI only opt ?

Stephen Carter
Level 1
Level 1

‎02-21-2025 04:07 AM

Hi all,

Am running ASA s/w on Firepowers (1120's) and am looking at configuring Route based VPN's, I've got the link working, but I'm having issues in that when I need to come to add in a new route for the link there is no option in the GUI to do so -

(The red mark is the VTI interface in the screenshot) - 

StephenCarter_0-1740139508866.png

But as you can see - there is no option for it in the drop down - so it this a bug or are routes for VTI interfaces only addable from the CLI ?

Thanks in advance.

 

Labels:
0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

‎02-21-2025 04:19 AM

I see same issue before' it can be from 

You not enable vti or the vti os down because tunnel destination is not reachable' i.e. the vti is operational down.

0 Helpful

Georg Pauwen
VIP
VIP

‎02-21-2025 10:34 AM

Hello,

since you say the link is up, what is the result of:

show ip route VPN-Tunnel

0 Helpful

Stephen Carter
Level 1
Level 1
In response to Georg Pauwen

‎02-25-2025 03:13 AM

See latest post.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-21-2025 09:36 PM - edited ‎02-22-2025 12:00 AM

Hello @Stephen Carter ,

are you using ASDM GUI with FTD 1120 running ASA firmware ?

Depending on firmware version and ASDM version you may need to add the static route from CLI for Route Based VPN.

On the CLI

show interfaces

see if the VTY appears and the state of it.

Edit:

for classic ASA with SFR you can use ASDM  to connect to   ASA itlsef on the inside IP address or public IP address. In another ASDM session you connect to the SFR module using the internal address of the mgmt interface.

So you can actually have two ASDM sessions one for the ASA and one for the service module. I would expect here with FTD running ASA software.

if there is a single session you may need to logout and to log in again in ASDM in order to make it able to read the corect list of interfaces.  ASDM is just a GUI front end Java based that connects to the Firewall.

Hope to help

Giuseppe

 

0 Helpful

Stephen Carter
Level 1
Level 1
In response to Giuseppe Larosa

‎02-25-2025 03:11 AM

Just to confirm - there are no operational issues with the link, screen shot below from one device - showing tunnel interface, routing and a ping working - 

StephenCarter_0-1740481809170.png

The issue is, as mentioned, when using the GUI the VTI interface doesn't appear in the listing of interfaces - so is this an error or by design ?

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Stephen Carter

‎02-25-2025 10:00 PM

Hello @Stephen Carter ,

>> so is this an error or by design ?

I would say a software error of the GUI, if you want to receive an official response you can open a SR with Cisco TAC.

Hope to help

Giuseppe

 

0 Helpful

Stephen Carter
Level 1
Level 1
In response to Giuseppe Larosa

‎02-26-2025 02:24 AM

@Giuseppe Larosa I've now raised a TAC case - let's see what happens.

0 Helpful
Customers Also Viewed These Support Documents