sphbecker1
Beginner

FTDv in Azure as VPN Hub

I currently have 18 offices all with Firepower FTD devices as their network edge device, each with a s2s VPN connection to an Azure Virtual Network Gateway (VNG) as a hub. I am testing the idea of using our FTDv in Azure as the hub device instead of the VNG so that the Firepower Management Center can fully manage the VPN connections.

What I am trying to do would be pretty easy if the hub was a physical FTD device, but I am running into issues with the way Azure handles its public IP addresses. The FTDv's outside interface gets a private IP address, which is then NATed to public in the Azure network fabric (I don't believe Azure allows direct assignment of a public IP to a virtual interface). Due to this design, the FMC is trying to use the private IP address to configure VPN tunnels, which clearly doesn't work.

Any way to get around this without resorting to building each VPN tunnel manually?
