
FMC - site 2 site vpn extranet invalid endpoint configuration error

MaErre21325
Level 1

Hi guys,

I'm trying to add a new subnet in a working VPN from my FMC (6.6.1 (build 91)) to an external device using the extranet field. Once I've inserted the new subnet and clicked save, I'm prompted with the error below. What can I do to solve it?

I haven't found any bug or other discussion with this issue.

error2.jpg

error3.jpg

Thank you

7 Replies

@MaErre21325 

Can't say I've seen that message before. Change the Node A and B around, put the Extranet as Node B and the FMC managed FTD as Node A. This is the way I normally do it and I do not have this error message.

Hi Rob,

I receive that error while trying to add a new subnet to the existing VPN.

Thx

Oh ok, so it's already setup and working then?

Which version and patch level, have you checked for bugs?

Obviously you've modified the screenshot, but the Device Name is the public IP address? Have you tried just defining a name/description, then defining the public IP address under the IP address field?

Sorry Rob, my mistake, I've added the correct screenshot. Both name and IP address are configured as usual. I've always added new subnets with no issues; this is the first time I receive that error, and yes, the VPN has been working for 2 weeks.

The version is 6.6.1 (build 91) and I haven't found any bug at the moment.

muriithikr
Level 1

I have the below error too when trying to set up a site-to-site VPN on FTD running version 6.6.5:

muriithikr_0-1642955964120.png

James12345
Level 1

Hopefully, if you are still having this issue, you monitor the thread, as I have run into the same problem, and after beating my head against my desk for some time the solution came to me. In my situation the issue was not with the Extranet node/side but instead the other. On the other node/side there is a checkbox under the IP Address, which in my case was checked, called "This IP is Private", and under that was the public IP address of our device, manually entered. I unchecked "This IP is Private", which removed the manual entry, and I was immediately allowed to save my other configuration modifications that I was making.

Hello James,

That was also the cause on my side. I had assumed that since the FTD was behind NAT I needed to select the "This IP is Private" option. After reviewing the Cisco documentation, there was a note indicating that this option should be left unselected if the remote device is an Extranet device.