
Policy-based IPsec deployment failing in FTD

ashish.saxena1
Level 1

Hello All,

I am trying to deploy a policy-based tunnel on FTD/FMC running version 6.7.0.3.

The deployment is failing with the following error: "Crypto features are not supported on zone interfaces"

Kindly guide me on how to solve this issue.

crypto ikev2 enable Jio-ISP

FMC >> clear configuration session OBJECT
IND-JAI-FW01 >> info : Session OBJECT does not exist.
FMC >> clear configuration session FMC_SESSION_1
IND-JAI-FW01 >> info : Session FMC_SESSION_1 does not exist.
FMC >> clear configuration session FMC_SESSION_2
IND-JAI-FW01 >> info : Session FMC_SESSION_2 does not exist.
FMC >> no strong-encryption-disable
FMC >> logging debug-trace
IND-JAI-FW01 >> info : INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
FMC >> dp-tcp-proxy
FMC >> policy-map global_policy
FMC >> class class-default
FMC >> exit
FMC >> crypto isakmp nat-traversal
FMC >> crypto ikev2 enable Jio-ISP
IND-JAI-FW01 >> error : ERROR: Crypto features are not supported on zone interfaces.

Config Error -- crypto ikev2 enable Jio-ISP

Other logs

Lina config ROLLBACK failure log
Lina configuration application failure. Error in lina apply phase due to Config Error response from LINA
Rollback skipped as Lina and SNORT are in sync
Write mem executed as Lina and SNORT are in sync
Lina write mem operation successful

1 Reply

Hi Ashish,

For FTD versions prior to 7.1, ECMP zone-member interfaces are not supported in Site-to-site VPN or in Remote Access IPsec-IKEv2 VPN.

I have communicated the same to Sunny Mehra.

Hope my answer will help.

Regards,

Lakshman Mishra
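
The following is an added example, not part of the original thread and not Cisco tooling: a small Python triage script that reads a deployment transcript in the format posted above, pairs each device error with the FMC command that caused it, and applies the version constraint from the reply. The sample transcript is constructed from the lines in the post; the ECMP zone membership passed in is an assumed input, since the thread does not list the zone configuration.

```python
import re

# Constructed sample: a shortened copy of the transcript format shown in the thread.
TRANSCRIPT = """\
FMC >> clear configuration session OBJECT
IND-JAI-FW01 >> info : Session OBJECT does not exist.
FMC >> crypto isakmp nat-traversal
FMC >> crypto ikev2 enable Jio-ISP
IND-JAI-FW01 >> error : ERROR: Crypto features are not supported on zone interfaces.

Config Error -- crypto ikev2 enable Jio-ISP
"""

LINE = re.compile(r"^(?P<src>\S+) >> (?P<rest>.*)$")       # "<sender> >> <text>"
REPLY = re.compile(r"^(?P<level>\w+)\s*:\s*(?P<msg>.*)$")   # "<level> : <message>"

def failed_commands(transcript):
    """Return (command, error message) pairs: each device 'error' reply
    is attributed to the most recent command pushed by the FMC."""
    failures, last_cmd = [], None
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and free text such as "Config Error -- ..."
        if m["src"] == "FMC":
            last_cmd = m["rest"].strip()
            continue
        r = REPLY.match(m["rest"])
        if r and r["level"] == "error":
            failures.append((last_cmd, r["msg"]))
    return failures

def version_tuple(version):
    return tuple(int(part) for part in version.split("."))

def ecmp_vpn_conflicts(ftd_version, ecmp_members, failures):
    """Interfaces named in failed 'crypto ikev2 enable <nameif>' commands that
    are ECMP zone members on an FTD release older than 7.1 (per the reply)."""
    if version_tuple(ftd_version) >= (7, 1):
        return []
    hits = []
    for cmd, _msg in failures:
        m = re.fullmatch(r"crypto ikev2 enable (\S+)", cmd or "")
        if m and m[1] in ecmp_members:
            hits.append(m[1])
    return hits

if __name__ == "__main__":
    fails = failed_commands(TRANSCRIPT)
    # Assumption for illustration: Jio-ISP is a member of an ECMP zone.
    print(fails, ecmp_vpn_conflicts("6.7.0.3", {"Jio-ISP"}, fails))
```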