Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1649
Views
15
Helpful
7
Replies

FMC - site 2 site vpn extranet invalid endpoint configuration error

MaErre21325
Beginner
Beginner

‎06-16-2021 07:53 AM - edited ‎06-16-2021 08:47 AM

Hi guys,

 

i'm trying to add a new subnet  in a working vpn from my FMC (6.6.1 (build 91).) to an external device using the extranet field, once i've inserted the new subnet and clicked save, i'm promped the error as below, what can i do to solve it?

i haven't found any bug or other discussion with this issue.

 

error2.jpg

error3.jpg

 thank you

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Rob Ingram
VIP Master VIP Master
VIP Master

‎06-16-2021 08:12 AM

@MaErre21325 

Can't say I've seen that message before. Change the Node A and B around, put the Extranet as a Node B and the FMC managed FTD as Node A. This is the way I normally I do it and I do not have this error message.

0 Helpful

MaErre21325
Beginner
Beginner
In response to Rob Ingram

‎06-16-2021 08:19 AM

Hi Rob,

 

i receive that error while trying to add a new subnet to the existing vpn.

 

thx

0 Helpful

Rob Ingram
VIP Master VIP Master
VIP Master
In response to MaErre21325

‎06-16-2021 08:30 AM

Oh ok, so it's already setup and working then?

Which version and patch level, have you checked for bugs?

Obviously you've modified the screenshot, but the Device Name is the public IP address? Have you tried just defining a name/description, then define the public ip address under the IP address field.

 

0 Helpful

MaErre21325
Beginner
Beginner
In response to Rob Ingram

‎06-16-2021 08:50 AM - edited ‎06-16-2021 08:52 AM

sorry Rob, my mistake, i've added the correct screenshot, both name and ip address are configured as usual, i've always added new subnet with no issues, this the fist time i receive that error and yes the vpn is working from 2 weeks.

the version is 6.6.1 (build 91) and i haven't found any bug at the moment.

0 Helpful

muriithikr
Beginner
Beginner

‎01-23-2022 08:39 AM

I have the below error too when trying to setup a site to site VPN on FTD running version 6.6.5:

muriithikr_0-1642955964120.png

 

 

 

0 Helpful

James12345
Beginner
Beginner

‎04-13-2022 04:49 PM

Hopefully if you are still having this issue you monitor the thread as I have ran into the same problem and after beating my head against my desk for some time the solution came to me. In my situation the issue was not with the Extranet node/side but instead the other. On the other node/side there is a checkbox under the IP Address which in my case was checked called "This IP is Private" and under that was the public IP address of our device manually entered. I unchecked "This IP is Private" which removed the manual entry and I was immediately allowed to save my other configuration modifications that I was making. 

muriithikr
Beginner
Beginner
In response to James12345

‎04-13-2022 11:57 PM

Hello James,

That was also the cause on my side. I had assumed that since the FTD was behind NAT I needed to the select the "This IP is Private" option. After reviewing the Cisco documentation, there was a note indicating that this option should be left unselected if the remote device is an Extranet device.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents