Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1073
Views
0
Helpful
2
Replies

Does FTD v6.4 support IPSec S2S tunnel redundancy?

SIMMN
Spotlight
Spotlight

‎08-20-2020 11:18 AM

I do not think FTD does but figure it is better check here, in case I missed anything...

 

I have FTD HA running v6.4.0.9 and the pair is managed by FMC. There are two Internet circuits (A and B) for the FTD which I setup IP SLA tracking for Internet failover already. The FTD has already also built a S2S tunnel via Internet A to another location. So does FTD support to have Internet B as backup to built the S2S tunnel to the same remote location if Internet A is down?

 

I could create a S2S VPN in FMC for the FTD using Internet B interface to this remote location (with necessary NAT and Pre-filter rules). The peer VPN device (ASA) can also be updated with Internet A&B IP addresses as peer...But the tunnel failed to come up at all...

0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-20-2020 07:41 PM

If you have created a second tunnel (with associated rules) definition and the routing flips over to that second interface / ISP then the tunnel should come up. I'd recommend digging into that behavior a bit deeper. A TAC case would probably be the most effective approach as it would be best worked with real time troubleshooting.

0 Helpful

SIMMN
Spotlight
Spotlight
In response to Marvin Rhoads

‎08-21-2020 05:37 AM

The setup is working now after I rebuilt the backup tunnel profile on FMC...I still donot know where went wrong the first time though.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card