07-19-2022 12:01 AM
Hello,
Does anyone know if it's possible to run RA VPN on a user-defined virtual router in FTD or if that's only supported in the global virtual router?
/Chess
07-19-2022 12:09 AM
@Chess Norris as of the latest FTD version 7.2, there is no information about supporting terminating a RAVPN on a user-defined virtual router, but you can now terminate a VTI on a user-defined virtual router.
07-19-2022 12:39 AM
Thanks. Can you run RA VPN on a VTI or is that just for L2L tunnels?
/Chess
07-19-2022 12:46 AM
@Chess Norris no, you can't, that's for L2L VPN only.
Sorry, I just mentioned it for reference.
07-19-2022 12:53 AM
I can run the RA VPN on the global virtual router and the L2L VPN on a VTI so it shouldn't be any problem, but I have one more question about this. At the moment the L2L VPN is policy-based and I guess I need to migrate to route-based if I want to use a VTI? Can I do this migration without affecting the other side of the tunnel or do they need to make changes on their side as well?
Thanks
/Chess
07-19-2022 01:00 AM
@Chess Norris You could try to force a route-based VTI to communicate with a policy-based VPN, but you'd need to reconfigure the remote end to use 0.0.0.0/0.0.0.0 in the crypto ACL to define the interesting traffic. It's better and simpler to use a VTI on both ends.
07-19-2022 01:06 AM
Thanks for your help. Much appreciated.
/Chess