Does anyone know if it's possible to configure a backup peer with the Firepower Management Center VPN configuration - ideally in a full mesh topology?
On ASA this would be configured on the crypto-map, something like "crypto map outside_map 10 set peer 188.8.131.52 184.108.40.206".
It's really a big limitation of the product if we can only have a single internet connection in each site (or at least without using an additional router/DMVPN/etc), as I was hoping to keep the number of devices and complexity to a minimum.
Thanks in advance
Thanks for that. My understanding of Extranet device is that it should be used for devices that cannot be managed in FMC (but all my devices can be managed on FMC). Is there a way to do this and still have them under FMC's management?
There doesn't appear to be (that I am aware of) an elegant or obvious way of configuring this yet, for FTDs managed by the same FMC. Whether the previous suggestion of using FlexConfig to configure an additional peer works, I don't know, as I have not tested.
OK thanks, that's the conclusion I've come to as well. It's a real shame that FMC/FTD appears to be lacking these enterprise-level VPN features... I don't think many customers would be happy with being limited to a single WAN connection for their VPNs.
I will have a look at FlexConfig, but it already seems like a workaround that I wouldn't really be happy to put into production. My aim for my project is to simplify our management, and using additional scripts to fix missing functionality isn't helping that.
In 6.2.3 and above, this feature is available.
In the peer definition, when you choose an Extranet device, you can supply two IPs separated by a comma, for the IP address. This will define them as redundant peers for the same VPN.