FMC S2S route-based VPN - full mesh not available

cpaquet
Level 1

It's probably a stupid question.

In FMC, when creating a route-based S2S VPN (thus using static VTI), why is full mesh grayed out? Could it be done if all the devices participating in the full-mesh VPN were managed by FMC?

Thanks.

1 Accepted Solution


@cpaquet Full Mesh is for crypto map based VPN, not VTI (P2P) or DVTI (hub and spoke). According to a Cisco presenter at Cisco Live earlier this year, DVTI will not be developed for Full Mesh either; you'd have to route through the hub to another spoke or use another solution (DMVPN, FlexVPN, etc.).



MHM


Thanks Rob. So, I guess that it could be done, but it won't be done... similar to why DMVPN is only available on routers and not on firewalls? Probably a question of sales, leave some features exclusive to routers. Thanks for the prompt and concise reply.

Full mesh means all to all.

Partial mesh with VTI is done via hub and spoke using DVTI.

The difference is only that spoke-to-spoke traffic is not direct; it needs to pass through the hub FTD.

MHM
