cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

CSCwe13781 - IKEv2 Multi-DVTI Hub Support FTD/ASA

PascalK
Level 1
Level 1

Hi folks,

we are using ASA for ages with cryptobased dynamic vpn tunnels. Working fine. Our ASA is close to support end and all our firewalls are FTDs managed by FMC. Our plan was to move from ASA to FTD for VPN so we have everything central managed in FMC. 

AnyConnect remote access is working fine. Now we started to migrate our site 2 site tunnels (400 dynamic vpn tunnels) but we are failing since months and cisco support isnt helping. 

We tried crypto based dynamic point2point or hub and spoke and there is only the defaultl2lgroup for tunnel-group created. Than cisco told us to use VTI:

Configure DVTI with Multi-SA on Secure Firewall - Cisco -> Yes DVTI ... but ouch: "Note: Cisco Secure Firewall added support fot DVTI on version 7.3 and currently it only supports one single DVTI as per Cisco bug ID CSCwe13781." LOL??? Cisco u serious?

Than I checked bugtracker: CSCwe13781 : Bug Search Tool (cisco.com)

"Known Fixed Releases (1 of 1)  7.4.1"
 
But with 7.4.1 THE SAME **bleep**. Only DefaultL2LGroup is created... Only ONE dynamic Point2Point or Hub&Spoke is possible...
 
 
 
Am I so stupid? Is cisco so stupid to not implement a function which is working FOR DECADES on ASA??? What am I doing wrong? 

 

Who Me Too'd this topic