Solved: Cisco firepower 1150 multi ISP and Remote Access VPN

axiceleet · ‎04-01-2025

Hello,

I have a Cisco Firepower 1150 running firmware version 7.6 with three connections to different ISPs.

I want to set up Remote Access VPN (AnyConnect), but I encountered a limitation: Firepower only allows configuring VPN on a single external interface. I successfully configured VPN on one external interface via the web interface, but I cannot add other interfaces for VPN.

My goal is to enable VPN access through all three ISP connections. If one ISP goes down, clients should automatically switch to another.

What are the possible solutions? Is there a way to enable VPN server on all three ISPs?

I would appreciate any advice or working configurations!

Thank you!

Rob Ingram · ‎04-02-2025

@axiceleet I assume you are using FDM? which is limited to enabled RAVPN on one interface, perhaps migrate to FMC/cdFMC management and then you can enable RAVPN on multiple interfaces.

View solution in original post

ahollifield · ‎04-02-2025

You will need some sort of GSLB to route the DNS correctly, based on the ISP status. Are you using FDM or FMC?

Rob Ingram · ‎04-02-2025

@axiceleet I assume you are using FDM? which is limited to enabled RAVPN on one interface, perhaps migrate to FMC/cdFMC management and then you can enable RAVPN on multiple interfaces.

axiceleet · ‎04-28-2025

Thank you for answer!

I will use FMC management to enble RAVPN on multiple interfaces.