12-30-2020 12:22 AM
Hello community
I am new to using Cisco Firepower FTD NGFW. I want to configure two ISP links for auto failover on L2L VPN tunnels.
Currently I am using only one ISP link and need to add another ISP for redundancy. If anyone has implemented this, please advise.
Device model: Cisco Firepower 2110 Threat Defense (77) Version 6.4
Thank you.
12-30-2020 12:29 AM
Configure IP SLA and tracking as per this example. Then on the hub firewall configure 2 crypto map configurations. On the remote peer you will need to define both IP addresses of your ISP links (primary and secondary). In the event the first ISP link goes down, on the hub the IP SLA will remove the default route and add the new route via the secondary ISP link. The spoke router will determine that the first peer is no longer reachable and attempt to connect to the secondary ISP link as defined in the configuration. Ensure Dead Peer Detection (DPD) is configured to detect that the VPN is down.
12-30-2020 01:04 AM
@Rob Ingram Thank you, I am working on it.
12-30-2020 02:26 AM
IP SLA features are missing on my Firepower devices, possibly a license issue. What is the procedure for getting a license for this functionality to work?
12-30-2020 02:32 AM
Not a license issue, but it looks like you'll have to upgrade, as the IP SLA feature was only added to FTD from version 6.5. Consider upgrading to 6.6.1, as this is currently the gold star recommended version.
Reference here