06-10-2022 03:30 AM
Hello Dears
We have Firepower (FMC and FTD). Our ISP gave us a private IP (10.1.1.10) and 2 public IPs (2.1.1.1 + 2.1.1.2).
Our default gateway is VRRP (10.1.1.1).
I will translate (2.1.1.1) to our server in the DMZ, but I don't know how to assign the (2.1.1.2) IP address on the firewall interface as secondary, to be used for remote access VPN or site-to-site VPN.
As I searched, FTD does not support a secondary IP address.
06-10-2022 04:03 AM
Hi
If I understood correctly, you have one connection with the ISP through the IP address 10.1.1.10, right? And they gave you two valid IP addresses for internet access?
One of them you are going to use for DMZ internet access and the other one you want to put as secondary? I don't follow you here.
Why don't you use it for NAT only?
06-10-2022 04:26 AM
Hi Flavio,
Thanks for your answer.
I want to set (10.1.1.10) on the firewall outside interface. My question is how I can use the second IP (2.1.1.2) for site-to-site or remote site VPN (as I have set the private IP as the outside interface).
06-10-2022 12:10 PM
As I know, you can do as follows:
ask your Service Provider to do NAT in ISP router
so
NAT FTD(inside subnet)->FTD(private IP) in FTD
NAT FTD(private IP)->ISP(public IP) in ISP
for VPN S2S
other Peer will use ISP(public IP) as set peer
06-12-2022 09:16 PM
The second IP would need to be assigned to a physical interface if you are going to use it for VPN. This would also make more sense, as you do not want both IPs on the same interface. If the interface fails, then it doesn't matter if you have a secondary IP assigned to that interface.