https://community.cisco.com/t5/network-security/full-mesh-topology-with-ftds/m-p/4285166#M1078052 Hi,<BR /><BR />I am not sure if you saw the limitations of FTD VPN, but between leaf<BR />domains you can have extranet only. Only devices within same leaf domain<BR />can have topology.<BR /><BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_site_to_site_vpns.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_site_to_site_vpns.html</A><BR /><BR />***** please remember to rate useful posts<BR /> Wed, 03 Feb 2021 12:37:53 GMT Mohammed al Baqari 2021-02-03T12:37:53Z https://community.cisco.com/t5/network-security/full-mesh-topology-with-ftds/m-p/4285146#M1078050 <P>Hello all,</P><P>&nbsp;</P><P>Our offices are mpls connected and some of them have also local internet with FTD devices.</P><P>I am trying to create a full mesh topology on these offices as a backup, in case we lose mpls connection.</P><P>&nbsp;</P><P>All of our FTDs are connected and managed by a single FMC.</P><P>&nbsp;</P><P>When i am trying to create the full mesh topology under the global domain i get the below error</P><P>&nbsp;</P><P><EM>Firepower Threat Defense VPN allowed in leaf domain.</EM></P><P>&nbsp;</P><P>So i have to choose one a specific leaf domain. When i have entered on the specific leaf domain&nbsp;i get only the options of that FTD and extranet</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ftd.PNG" style="width: 868px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/103588i7898D2D584E4F071/image-size/large?v=v2&amp;px=999" role="button" title="ftd.PNG" alt="ftd.PNG" /></span></P><P>&nbsp;</P><P>I have seen in few tutorials that all the devices are available when you create a VPN and the configuration is sent on every device.</P><P>In my situation, if i want to join 5 FTDs in the full mesh topology, i have to create 5 times on every leaf domain.</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>Is there any way to have all the devices available ?</P><P>&nbsp;</P><P>Thank you</P> Wed, 03 Feb 2021 12:12:15 GMT https://community.cisco.com/t5/network-security/full-mesh-topology-with-ftds/m-p/4285146#M1078050 anousakisioannis 2021-02-03T12:12:15Z https://community.cisco.com/t5/network-security/full-mesh-topology-with-ftds/m-p/4285166#M1078052 Hi,<BR /><BR />I am not sure if you saw the limitations of FTD VPN, but between leaf<BR />domains you can have extranet only. Only devices within same leaf domain<BR />can have topology.<BR /><BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_site_to_site_vpns.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_site_to_site_vpns.html</A><BR /><BR />***** please remember to rate useful posts<BR /> Wed, 03 Feb 2021 12:37:53 GMT https://community.cisco.com/t5/network-security/full-mesh-topology-with-ftds/m-p/4285166#M1078052 Mohammed al Baqari 2021-02-03T12:37:53Z https://community.cisco.com/t5/network-security/full-mesh-topology-with-ftds/m-p/4285179#M1078054 <P>Hello,</P><P>&nbsp;</P><P>If i delete a leaf (or more), the device that is under of it, how is it effected?</P><P>Will be only under global and that's it ? does it affect the config ?</P><P>&nbsp;</P> Wed, 03 Feb 2021 12:51:11 GMT https://community.cisco.com/t5/network-security/full-mesh-topology-with-ftds/m-p/4285179#M1078054 anousakisioannis 2021-02-03T12:51:11Z