Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
780
Views
1
Helpful
18
Replies

BGP between two remote FTD

sherali mamatkarimov
Level 1
Level 1

‎03-26-2024 11:18 PM

I have two Firepowers in two remote offices and i have two ISPs in each office, i had configured vti ipsec vpn between two offices but they are working with static routes, can i configure dynamic routing protocols for failover vpn? I tried to configure BGP but neighbours idle, what can you advice?

0 Helpful
18 Replies 18

Marius Gunnerud
VIP
VIP
In response to sherali mamatkarimov

‎04-03-2024 12:54 AM

Have you changed from using the WAN interface IP to the VTI IP in the BGP neighbor command?

You would also need to preempt BGP AS on the backup VTI on both sides so that only one link (Primary link) is used.  if the primary link fails this configuration will now automatically failover to the secondary VTI.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Rob Ingram
VIP
VIP

‎03-27-2024 01:20 AM

@sherali mamatkarimov have you configured Send Virtual Tunnel Interface IP to the peers and Allow incoming IKEv2 routes from the peers under the VPN endpoint?

0 Helpful

sherali mamatkarimov
Level 1
Level 1
In response to Rob Ingram

‎03-27-2024 08:10 PM - edited ‎03-27-2024 08:15 PM

I haven't this option

 111.png

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-28-2024 07:41 AM

What are your software versions at both ends?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card