This issue usually occurs when routes are learned through a routing protocol, Reverse Route Injection (RRI) or Network Discovery, once the LAN-to-LAN tunnel is active.
When the VPN 3030 public interface fails, routes from remote EZVPN peers (in network extension mode) are removed properly. At this point, remote EZVPN peers re-home to an alternate concentrator. If the concentrator that lost its public interface regains it, the routes from the formerly attached peers are re-entered into the routing table.
Note: This problem can cause an outage.
In order to resolve this issue, perform these workarounds:
Set shorter keepalives to shorten the time lag. Go to Configuration > User Management > Group in order to set this value.
When the public port is administratively disabled, the dynamic routes do not drop immediately. They only drop after the concentrator has verified that the tunnel is no longer there. When the port is physically unplugged, the dynamic routes are removed much sooner. Something in the way the concentrator is designed causes it to act differently, depending on whether the port is physically disconnected or only in admin shutdown.