FTD Dynamic VPNs

mateens · ‎08-24-2020

Hi, I am configuring site to site vpn with the remote end dynamic in FMC. Getting the following warnings. I am migrating these from ASA. Shouldnt they work in FTD as well ?

Warning:	Endpoint cannot participate in multiple topologies with remote peer having dynamic IP
Description:	Same device cannot participate in multiple VPN topologies where the remote peer device is dynamically addressed.
Cause:	Device HA-XYZ participates in two VPN topologies, 01-01 and 03-01, in which one or more of the remote peer(s) is dynamically addressed.
Action:	Please merge the VPN topologies to ensure only one topology has the device HA-XYZ peering with any number of dynamically addressed remote peer(s)

balaji.bandi · ‎08-24-2020

I have not tried it, as per the document remote end dynamic end supported - like to hub and spoke

so Hub side should be static IP right?

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/firepower_threat_defense_site_to_site_vpns.html

one question :

"remote end dynamic in FMC" can you clarify this?

mateens · ‎08-24-2020

FTD has static ip. All the other VPN locations have dynamic IPs. They are around 50 tunnels which will termitate with FTD. Worked fine with ASA. I cannot test it before hand was wondering why was there warning message. p.s I am chosing point-to-point topology in FTD.

FTD Dynamic VPNs

AnyConnect Certificate Based Authentication.

Getting past intermittent/unexplained 802.1x problems on Windows 7

Insights About Multiple Vulnerabilities in Cisco Discovery Protocol Implementations (CDPwn)