10-26-2020 02:04 PM
Hi,
I am going to set up a site-to-site VPN between my company and a client company.
My company uses Cisco FTD.
My client company uses AWS. AWS uses two gateways by default when setting up a tunnel.
Can we set up a VPN from FTD to two AWS gateways?
Thanks
Loc
10-26-2020 02:13 PM - edited 10-26-2020 02:16 PM
Hi @Loc Nguyen
With FTD version 6.6 you can define multiple IKEv2 peers. So in your configuration you define a primary peer address and a backup peer, which is used if the primary fails.
Alternatively you can set up 2 individual crypto maps as normal.
If you needed VTIs, they are not supported on FTD until version 6.7, which is out Oct/Nov 2020.
HTH
10-26-2020 03:47 PM - edited 10-26-2020 03:49 PM
Loc, good to see you around, man. As Rob mentioned, as of now, FTD does not support route-based VPN. If I remember correctly from my days back at Rackspace, AWS would not support policy-based VPN; this means you would need to configure your VPN tunnel with one single SA, therefore one single encryption domain. If you have multiple local encryption domains that should be protected by the tunnel, again if memory serves :), we used to use any as the local encryption domain on the crypto ACL.
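To make the two points above concrete (a primary and a backup peer on one crypto map entry, and "any" as the local side of the crypto ACL), here is an added ASA-style CLI fragment; it is not from anyone in this thread, and it assumes FTD's FMC-managed policy produces the equivalent of this syntax. Peer addresses, the remote VPC prefix and the PSK values are placeholders.

```text
! Added illustration (not from the thread): policy-based IKEv2 site-to-site VPN
! with a primary and a backup AWS peer on a single crypto map entry.
! 203.0.113.10/11 and 10.20.0.0/16 are documentation placeholders.

! Crypto ACL: local encryption domain "any", remote = client's AWS VPC (assumed)
access-list AWS_VPN extended permit ip any 10.20.0.0 255.255.0.0

crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 28800

crypto ipsec ikev2 ipsec-proposal AWS_PROPOSAL
 protocol esp encryption aes-256
 protocol esp integrity sha-256

crypto map OUTSIDE_MAP 10 match address AWS_VPN
! Primary peer listed first; the second peer is tried only if the first fails
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10 203.0.113.11
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AWS_PROPOSAL
crypto map OUTSIDE_MAP 10 set pfs group14
crypto map OUTSIDE_MAP interface outside
crypto ikev2 enable outside

! One tunnel-group per AWS peer, each with the PSK AWS generated for that tunnel
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK-FOR-TUNNEL-1>
 ikev2 local-authentication pre-shared-key <PSK-FOR-TUNNEL-1>
tunnel-group 203.0.113.11 type ipsec-l2l
tunnel-group 203.0.113.11 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK-FOR-TUNNEL-2>
 ikev2 local-authentication pre-shared-key <PSK-FOR-TUNNEL-2>
```

Because the crypto ACL permits "any" as the source, only one SA pair is negotiated per peer, which is what the policy-based AWS side expects; the backup peer is used only when the primary stops responding.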
11-05-2020 09:52 AM
Yeah, good to see you again. Thanks for the answer.
12-01-2020 08:45 PM - edited 12-01-2020 08:46 PM
Hi,
I can initiate traffic from the ASA and bring up the tunnel.
I could not find a way to make/set up AWS to initiate traffic to bring the tunnel up.
Could you advise?
Thanks
Loc
10-29-2020 11:33 AM
Just adding to Aref's comments.
That's right, we should use any as the source traffic for policy-based VPNs.
If we want to use VTIs without BGP, AWS support recommends shutting down the backup tunnel (odd). I have had many issues with Cisco ASA-AWS where the return traffic arrives on the backup tunnel from time to time.
11-05-2020 09:53 AM
Thanks!