Symptom
FMC S2S VPN dashboard show tunnel down/inactive , however FTD CLI is showing the right status
issue is seem when FTD HA is set with FTD secondary as active with a different VPN IP address
example
FTD pair A
Secondary - Active
Interface "VPN interface" 10.10.10.71
Primary - Standby Ready
Interface "VPN interface" 10.10.10.72
set peer
crypto map CSM_interface_VPN_map 1 set peer 10.10.10.75
FTD pair B
Secondary - Active
Interface "VPN interface" 10.10.10.75
Primary - Standby Ready
Interface "VPN interface" 10.10.10.76
Set peer
crypto map CSM_interface_VPN_map 1 set peer 10.10.10.71
to confirm tunnel status on FTD CLI
show vpn-sessiondb detail l2l filter ipaddress <IP
Conditions
Using FTD on HA
Primary/Standby and Secondary/Active
Workaround
Make sure FTD HA is set as Primary/Active and Secondary/Standby on both S2S ends
if might happen on extranet peer
