Friday, August 13, 2021

Cisco FTD/FMC site-to-site Azure bug

Recently set up a site-to-site tunnel to Azure on FTD 2110s (version 6.7.0) and have come across a curious bug. We have an internal subnet of 10.0.48.0/23 that, when added to the crypto map, sometimes can ping servers on the Azure subnet of 10.50.1.0/16 and sometimes cannot.

We spent hours troubleshooting and Cisco took a day to respond; however, we were able to find a workaround for the problem before they could get back to us by separating the subnet into 10.0.48.0/24 and 10.0.49.0/24 in the crypto map. We also have a 192.168.110.0/23 and a 10.0.44.0/23 which have caused us no problems. Also, all the other /24 subnets have no problems.

This has to be a bug, right? At first I thought it was our core switches having issues (Nexus 7K), but once I changed from one /23 to two /24s the problem went away.

Any ideas at all?
