Re: FTD with Multiple IP addresses

caroke · ‎06-10-2022

Hello Dears

We have Firepower (FMC and FTD) , Our ISP gave us a Private IP (10.1.1.10) and and 2 Pubic IPs (2.1.1.1 + 2.1.1.2 )

our default gateway is VRRP (10.1.1.1)

I will translate (2.1.1.1 ) to our server in DMZ But I don't know how to assign (2.1.1.2) IP address on firewall Interface as secondary to be used for Remote access VPN or Site to site VPN .

As I searched FTD does not support secondary IP address

Flavio Miranda · ‎06-10-2022

Hi

If I understood correctly, you have one connection with ISP through the IP address 10.1.1.10, right. And they gave you two valid IP address for internet access?

One of them you are going to DMZ internet access and the other one you want to put as secondary? dont follow you here.

Why dont you use for NAT only?

caroke · ‎06-10-2022

Hi Flavio,

Thanks for your Answer,

I want to set (10.1.1.10) on Firewall outside interface, my question is how can I use second IP(2.1.1.2) for Site to Site or remote site VPN (as I have set private IP as outside interface .

MHM Cisco World · ‎06-10-2022

As I unwon you can do as following
ask your Service Provider to do NAT in ISP router
so
NAT FTD(inside subnet)->FTD(private IP) in FTD
NAT FTD(private IP)->ISP(public IP) in ISP

for VPN S2S
other Peer will use ISP(public IP) as set peer

Marius Gunnerud · ‎06-12-2022

The second IP would need to be assigned to a physical interface if you are going to use it for VPN. This would also make more sense as you do not want both IP on the same interface. If the interface fails then it doesn't matter if you have a secondary IP assigned to that interface.

--
Please remember to select a correct answer and rate helpful posts