Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
685
Views
0
Helpful
3
Replies

LAN-to-LAN VPN Failover with FTD

wgharding4
Level 1
Level 1

‎08-24-2018 01:08 PM

Will a FTD firewall remove a RRI created static route for a L2L destination (protected network) if that tunnel’s SAs tear down?  I am looking to configure automated fail-over for an entity that has two separate VPN Hubs in different locations.  I think it could be done easily with setting multiple peers and originate-only on the remote end and setting the Hubs to answer-only if RRI would not create the static routes on the secondary if the SAs were not built.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

dhgoel
Cisco Employee
Cisco Employee

‎08-26-2018 07:43 PM

Hey,

 

Currently we do not support dynamic route addition for static crypto maps on FTD.

Refer this bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi12712/?reffering_site=dumpcr

 

Regards

Dhruv

 

Do Rate the helpful Posts!

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎08-26-2018 10:10 PM

RRI isn't support on FTD as Dhruv mentioned. You need to look for other
options such as static routes with SLA tracking
0 Helpful

wgharding4
Level 1
Level 1
In response to Mohammed al Baqari

‎08-27-2018 05:54 AM

Is RRI on the roadmap anywhere?  It would be nice to be able to have the routes pulled should the SAs to the primary VPN head-end be torn down.  I just don't feel like you get that kind of granularity with IP SLA.

0 Helpful
Customers Also Viewed These Support Documents