Re: FTD dual ISP and Site2Site VPN

AveLor46429 · ‎07-14-2020

Hello.

I have some FTD 2110, managed by FMC. I make site2site ipsec (hub and spoke topology).

So on spokes I start to connect secondary ISP for failover. How I can make failover site2site?

for extranet type of spoke I could set peer IP and backup IP. But how I can achive this on managed FTDs?

Thank you.

FMC and FTD has version 6.6

AKK · ‎07-15-2020

Hi,

Please share your connectivity diagram with Dummy IP to check the solution.

Regards,

AKK

AveLor46429 · ‎07-15-2020

Thank for your answer!

If I understood you correctly, diagram seems something like that:

each FTD at HA mode, and braches more than two.

Marius Gunnerud · ‎01-09-2023

Look into using routed site to site VPN (VTI). This way you can use dynamic routing to identify the preferred path and backup path.

--
Please remember to select a correct answer and rate helpful posts

AveLor46429 · ‎07-22-2020

So, I try to make two hub&spoke topology, with hub answer-only and spokes originate (routes to failover ISP is tracked) but it does not seem to work.

May be there is another way or may be some pitfails?..

edh@oneonta.com · ‎01-09-2023

Has anyone figured this out? I am in the same situation and haven't been able to create this topology in a way that works.

MHM Cisco World · ‎01-09-2023

make new post and ask your Q