
Cisco - Defect ID: CSCwd71274

S2S VPN dashboard shows ipv4 SVTI tunnel down between KP-HA and WA-HA after KP-HA Switch role.

Last updated on 9/7/2024

Overall: 6.1
Severity: 6.4
Lifecycle: 9.1
Popularity: 4.6

Vendor details

  • No defect details.

Symptom

The FMC S2S VPN dashboard shows the tunnel as down/inactive; however, the FTD CLI shows the right status. The issue is seen when FTD HA is set with the FTD secondary as active with a different VPN IP address.

Example:

FTD pair A
  Secondary - Active: interface "VPN interface" 10.10.10.71
  Primary - Standby Ready: interface "VPN interface" 10.10.10.72
  Set peer: crypto map CSM_interface_VPN_map 1 set peer 10.10.10.75

FTD pair B
  Secondary - Active: interface "VPN interface" 10.10.10.75
  Primary - Standby Ready: interface "VPN interface" 10.10.10.76
  Set peer: crypto map CSM_interface_VPN_map 1 set peer 10.10.10.71

To confirm tunnel status on the FTD CLI:

  show vpn-sessiondb detail l2l filter ipaddress <IP

Conditions

Using FTD in HA with Primary/Standby and Secondary/Active.

Workaround

Make sure FTD HA is set as Primary/Active and Secondary/Standby on both S2S ends. It might happen on an extranet peer.

Further Problem Description

