
FTD point to multi point l2l VPN


I have 2 FTD2140s in an HA pair managed by FMC. This is the head end for several l2l/point to point VPNs.

What I need to do is have a l2l/point to point from this head end to two separate remote sites using the same encryption domain. Basically one head end IP to two separate remote end IPs using the same encryption domain.


if you are going to send to (primary)

if you are going to send to (secondary)

Is that possible? Is there a document that shows how to achieve this?



10 Replies

Thanks Rob. That looks like what I need.

Please update us when you have the VPN between HQ and remote running successfully.


Reading the guide, there's a limitation to VTI: it needs to be enabled at both ends. As the remote ends are in a 3rd party network, I don't know if they will be capable. They are using firewalls in separate DR sites with a manual failover. I assume they change routing further back in the network to direct traffic to the secondary firewall if the primary fails.

Are there any other ways to achieve this scenario?


Thanks Rob. I really appreciate your help.

As I guess

I will look for a solution and share it with you tonight.

MHM Cisco World
VIP Mentor

In FW HA only one is active, and I think you use dual ISP.
You can see the guide below for configuring FMC with primary/backup ISP:

Configure Failover for IPSec Site-to-Site Tunnels with Backup ISP Links on FTD Managed by FMC - Cisco

Thanks for the response. Probably my explanation was missing some detail. We don't have a backup ISP. The head end IP stays the same on failover. The issue was having two remote site VPN termination points, different IPs with the same encryption domain.



Yes, I get your question; it was not in the original post but came later in your reply.
The issue I am thinking about here:
if the remote ISP1 is down and shifts to ISP2, how does HQ detect it?
If we configure a static route toward VTI-primary in HQ with a preferred metric,
we need EEM or IP SLA.
That is why I asked you to update us when you run dual VTI successfully.
