Solved: Cannot delete a FTD device from FMC when L2L VPN tunnel is configured

Chess Norris · ‎11-21-2021

Hi,

FMC won't let me delete a FTD device that have a L2L VPN tunnel configured.

I am getting the following error, if I try.

The Device 'FTD01' cannot be deleted because the following VPN Configuration(s) refer this device.
Site to Site : LAB_l2L

Please edit/remove the VPN configuration(s) to delete the device.

Is there any way around this? I need to replace the hardware and therefore delete the old device from FMC.

But would like to keep the VPN konfig and deploy it to the new device.

Thanks

/Chess

Marvin Rhoads · ‎11-22-2021

You can capture all of the relevant VPN parameters from either screenshots via a "show run" from the cli.

If you need the preshared key you can go to the lina cli (system support diagnostic-cli) and use "more system:running-config".

Then you can remove the config in FMC and delete the device and use the parameters you've gathered to recreate it later on the new device. It only takes 10-15 minutes to do so.

View solution in original post

Marvin Rhoads · ‎11-22-2021

You can capture all of the relevant VPN parameters from either screenshots via a "show run" from the cli.

If you need the preshared key you can go to the lina cli (system support diagnostic-cli) and use "more system:running-config".

Then you can remove the config in FMC and delete the device and use the parameters you've gathered to recreate it later on the new device. It only takes 10-15 minutes to do so.

Massimo Baschieri · ‎11-22-2021

If you can register the new device to FMC before deleting the old one you can also change vpn configuration pointing to the new peer and deploy, FMC will take care of deleting vpn configuration from the old device and creating it on the new one.

However saving the relevant configuration from CLI, as you suggested, it's a good practice anyway.

Chess Norris · ‎11-23-2021

Thanks guys

/Chess