This issue usually occurs when routes are learned through a routing protocol, Reverse Route Injection (RRI), or Network Discovery once the LAN-to-LAN tunnel is active.
When the VPN 3030 public interface fails, routes from remote EZVPN peers (in network extension mode) are removed properly. At this point, remote EZVPN peers re-home to an alternate concentrator. If the concentrator that lost its public interface regains it, the routes from the formerly attached peers are re-entered into the routing table.
Note: This problem can cause an outage.
In order to resolve this issue, perform these workarounds:
Set shorter keepalives to shorten the time lag. Go to Configuration > User Management > Group in order to set this value.
When the public port is administratively disabled, the dynamic routes do not drop immediately. They drop only after the concentrator has verified that the tunnel is no longer there. When the port is physically unplugged, the dynamic routes are removed much sooner. Something in the way the concentrator is designed causes it to act differently, depending on whether the port is physically disconnected or only in admin shutdown.