02-14-2023 01:30 PM
Hi guys,
I'm trying to use an interface (Outside) as VPN RA with 2 different FQDNs. Both ISPs are connected in different DCs and different networking devices, but via VLANs it all comes to the same interface on the FTD, so I have 1 interface to the outside zone, and NAT is configured so that each ISP goes to the same FTD interface IP.
I have one FQDN working (principal.domain.io - ISP1) and I would like the users to be able to connect to another FQDN (backup.domain.io - ISP2) using the same RA Policy.
The certificate is configured with CN=principal.domain.io but has a SAN added for the second ISP.
In the end, I want to be able to use the backup ISP (configured in the VPN Profile) and switch the ISP if the principal fails.
Thanks.
02-14-2023 01:49 PM
Hi Rob.
I understand your point. But in my case, I have only one link/interface/IP to reach both ISPs, as in the image. Today RAVPN with ISP1 is working, but RAVPN with ISP2 fails.
The goal is to get both FQDNs working in the same RAVPN Policy. Is this possible?
02-14-2023 01:53 PM
@andype but you have 2 FTD interfaces, so a default route via only one of the ISPs?
02-14-2023 01:56 PM - edited 02-14-2023 01:59 PM
Yes, I just have one route to reach both ISPs. The core switch decides which ISP to use if either of them fails.