Cisco FTD Remote Access and S2S VPN

arturmelyan
Level 1

Hello,

 

Please see attached diagram.

The advertised network is subnetted, and 2 of the subnets with a 26 prefix length are beyond the FirePower and are available from the Internet.

10 IP addresses from the 3rd subnet (1.1.1.128/26) are assigned to the NAT pool, and hosts in the Inside network are NATted with this NAT pool.

Private addresses are configured on the Outside interfaces of the FirePower.

Is it possible to somehow configure Remote Access VPN using any IP address from the 3rd subnet, 1.1.1.128/26, as a gateway for AnyConnect clients? And S2S VPN as well? Since the IP addresses from this subnet are not configured anywhere, I would like to know whether I have to set them on other interfaces, or what to do. Or do I definitely have to configure these public addresses on the Outside interfaces of the FirePower?

 

Thank you in advance

 

 

1 Reply

Hi,
You can only establish a VPN tunnel (either RAVPN or S2S) to the IP address that is assigned to the actual interface (external/outside facing interface).

HTH