Full mesh topology with FTDs

anousakisioannis · ‎02-03-2021

Hello all,

Our offices are mpls connected and some of them have also local internet with FTD devices.

I am trying to create a full mesh topology on these offices as a backup, in case we lose mpls connection.

All of our FTDs are connected and managed by a single FMC.

When i am trying to create the full mesh topology under the global domain i get the below error

Firepower Threat Defense VPN allowed in leaf domain.

So i have to choose one a specific leaf domain. When i have entered on the specific leaf domain i get only the options of that FTD and extranet

I have seen in few tutorials that all the devices are available when you create a VPN and the configuration is sent on every device.

In my situation, if i want to join 5 FTDs in the full mesh topology, i have to create 5 times on every leaf domain.

Is there any way to have all the devices available ?

Thank you

Mohammed al Baqari · ‎02-03-2021

Hi,

I am not sure if you saw the limitations of FTD VPN, but between leaf
domains you can have extranet only. Only devices within same leaf domain
can have topology.

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_site_to_site_vpns.html

***** please remember to rate useful posts

anousakisioannis · ‎02-03-2021

Hello,

If i delete a leaf (or more), the device that is under of it, how is it effected?

Will be only under global and that's it ? does it affect the config ?