Solved: Re: Site2site vpn setup on 2110 FTD

Chuck Reimer · ‎08-08-2024

Is it possible to setup an FTD 2110 cluster that would support VPN and/or Site2Site connections?

Rob Ingram · ‎08-08-2024

@Chuck Reimer I assume you mean HA Active/Standby failover pair rather than a cluster? As the 2100 doesn't support clustering, only the 3000, 4000 and 9300 series hardware support clustering.

If Active/Standby failover pair, then yes they support S2S VPN (and remote access VPN) https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/vpn-s2s.html

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470-site-to-site-vpn-configuration-on-ftd-ma.html

View solution in original post

Rob Ingram · ‎08-08-2024

@Chuck Reimer I assume you mean HA Active/Standby failover pair rather than a cluster? As the 2100 doesn't support clustering, only the 3000, 4000 and 9300 series hardware support clustering.

If Active/Standby failover pair, then yes they support S2S VPN (and remote access VPN) https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/vpn-s2s.html

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470-site-to-site-vpn-configuration-on-ftd-ma.html

MHM Cisco World · ‎08-08-2024

fpr 2000 series dont support cluster but only HA active/passive

And yes you can config vpn between HA and other peer' config vpn using active unit IP not standby that only what ypu need.

MHM

Chuck Reimer · ‎08-08-2024

Hi @Rob Ingram yes sorry HA not clustering. Thanks for help!