Buy or Renew
Buy or Renew
Notice: The file download function is disabled. We apologize for the inconvenience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
762
Views
1
Helpful
2
Replies

Firepower hub and spoke VTI routed VPN network questions.

frehilsunio
Level 1
Level 1

‎10-27-2023 01:00 AM

I am converting a policy based mesh system to a dual hub and spoke system. I have the basics but trying to get specific information seems difficult. With fortigate I can use /32 addresses for each VTI. But most of the documentation I find for firepower is for pont to point networks and suggests using a /30. Do I need to make sure all of the sites are in the same subnet? Or can each one be a /32 address? I am planning on iBGP between all of the sites. On the hubs I was going to configure dynamic VTI that will use the loopback as the IP for the VTI. Looking forward to any comments or suggestions that everyone may have.

192.168.0.1 router login
Labels:
2 Replies 2

MHM Cisco World
VIP
VIP

‎11-18-2023 03:44 PM

This issur solved ?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎11-18-2023 07:45 PM

We do not know much about what you have done so far. If we knew more we could provide better advice. One question you ask is fairly clear "Do I need to make sure all of the sites are in the same subnet?" and the answer is that no all sites are not in the same subnet.

You use the term VTI. I am not clear if your use of the term is the same as most of us in the community. We understand VTI to be Virtual Tunnel Interface, which we interpret to represent a tunnel with IP on both ends in a unique subnet, so /30 is the logical solution. If you have something else in mind please clarify what you intend.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents