08-24-2018 01:08 PM
Will an FTD firewall remove an RRI-created static route for an L2L destination (protected network) if that tunnel’s SAs tear down? I am looking to configure automated fail-over for an entity that has two separate VPN Hubs in different locations. I think it could be done easily by setting multiple peers and originate-only on the remote end and setting the Hubs to answer-only, if RRI would not create the static routes on the secondary when the SAs were not built.
08-26-2018 07:43 PM
Hey,
Currently we do not support dynamic route addition for static crypto maps on FTD.
Refer to this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi12712/?reffering_site=dumpcr
Regards
Dhruv
Do Rate the helpful Posts!
08-26-2018 10:10 PM
08-27-2018 05:54 AM
Is RRI on the roadmap anywhere? It would be nice to be able to have the routes pulled should the SAs to the primary VPN head-end be torn down. I just don't feel like you get that kind of granularity with IP SLA.