https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933331#M1104759 <P>Hi</P><P>We are using Policy Based VPN</P><P>Thanks</P> Tue, 03 Oct 2023 11:31:02 GMT benolyndav 2023-10-03T11:31:02Z https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933303#M1104756 <P>Hi</P><P>We have an FTD with Global and 3 Virtual Routers(vrf) configured on it all these use the same default route via Global Inet connection,</P><P>Is it possible for me to esatablish a VPN from the Inet facing Interface and allow only one VRF's traffic across the VPN, So basically this VRF would now send all its traffic via the VPN.??</P><P>&nbsp;</P><P>Thanks</P> Tue, 03 Oct 2023 10:30:57 GMT https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933303#M1104756 benolyndav 2023-10-03T10:30:57Z https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933309#M1104758 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> what version of FTD are you using? Are you using a Policy or Route Based VPN (VTI)?</P> <P>The latest version 7.3/7.4 supports user-defined virtual routers (VRFs) for VTIs</P> Tue, 03 Oct 2023 10:44:59 GMT https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933309#M1104758 Rob Ingram 2023-10-03T10:44:59Z https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933331#M1104759 <P>Hi</P><P>We are using Policy Based VPN</P><P>Thanks</P> Tue, 03 Oct 2023 11:31:02 GMT https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933331#M1104759 benolyndav 2023-10-03T11:31:02Z https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933335#M1104760 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> unfortunately I do not believe virtual routers (VRF) are supported using policy based VPNs, only routed based VPN (VTI) appear to support VRF.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/vpn-s2s.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/vpn-s2s.html</A></P> <P>&nbsp;</P> Tue, 03 Oct 2023 11:35:50 GMT https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933335#M1104760 Rob Ingram 2023-10-03T11:35:50Z https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933340#M1104761 <P>Hi</P><P>So the vpn is between the outside interface and the 3rd party peer the outside interface is in the gloal routing I would add the traffic to the vpn and add a static route in the vrf&nbsp; &nbsp;any-ipv4&nbsp; to internet which is leaked from global, are you saying that wouldnt work ??</P><P>Thanks</P> Tue, 03 Oct 2023 11:48:07 GMT https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933340#M1104761 benolyndav 2023-10-03T11:48:07Z https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933350#M1104763 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/445131">@benolyndav</a> so if the VPN is in the global routing table, then routing leaking from a user-defined vrf should work.</P> <P>I assumed you wanted to use user-defined VRF for VPNs, which is not supported unless using a VTI (on newer FTD versions).</P> Tue, 03 Oct 2023 12:14:03 GMT https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933350#M1104763 Rob Ingram 2023-10-03T12:14:03Z https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933386#M1104765 <P>Friend it work&nbsp; use pbr and forward traffic via vpn.</P> <P>Did you check this solution?</P> Tue, 03 Oct 2023 13:26:03 GMT https://community.cisco.com/t5/network-security/ftd-vpn-question/m-p/4933386#M1104765 MHM Cisco World 2023-10-03T13:26:03Z