This issue usually occurs when routes are learned through a routing protocol, Reverse Route Injection (RRI) or Network Discovery, once the LAN-to-LAN tunnel is active.
When the VPN 3030 public interface fails, routes from remote EZVPN peers (in network extension mode) are removed properly. At this point, remote EZVPN peers re-home to an alternate concentrator. If the concentrator that lost its public interface regains it, the routes from the formerly attached peers are re-entered into the routing table.
Note: This problem can cause an outage.
In order to resolve this issue, perform these workarounds:
Set shorter keepalives to shorten the time lag. Go to Configuration > User Management > Group in order to set this value.
When the public port is administratively disabled, the dynamic routes do not drop immediately. They drop only after the concentrator has verified that the tunnel is no longer there. When the port is physically unplugged, the dynamic routes are removed much sooner. Something in the way the concentrator is designed causes it to act differently, depending on whether the port is physically disconnected or only in admin shutdown.