03-02-2023 11:03 AM
I've been having an issue in FTD 7.0.5 on FMC. My site to site tunnels lose connectivity to certain VLANs in my main site.
It's not always the same VLAN or the same device. It's not ALL VLANs, just 1 out of 5. It's random.
My question is, on the old ASDM, you could restart a tunnel by logging it out from one side or the other.
I can't find that functionality in FMC, so I'm forced to reboot the remote device.
Is there a way to log out a Site to Site tunnel in FMC?
03-02-2023 11:11 AM
@Lee Dress from the CLI of the FTD you can run clear crypto ipsec sa peer <ip address> which will delete the IPSec SA for that peer. You'd then need to generate interesting traffic in order for the VPN tunnel to be re-established.
03-02-2023 11:17 AM
clear crypto ipsec - command refer below :
03-02-2023 11:22 AM
Thanks to both of you. I appreciate the quick response!