cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
423
Views
5
Helpful
3
Replies

FTD Remote Access 2 FQDN 1 link

andype
Level 1
Level 1

Hi guys,

I'm trying to use an interface (Outside) to be used as VPN RA with 2 different FQDN. Both ISP's are connected in differents DC's and differents networking devices but via vlnas all comes to the same inteface from FTD, so I have 1 intefaces to outside zone, and NAT is configured to resolve each ISP goes to the same IP-Interface FTD.

I have one FQDN working (principal.domain.io - ISP1) and I would like the users be able to connect to another FQDN (backup.domain.io - ISP2) using the same RA Policy.

The certificate are configured to CN=principal.domain.io but have SAN added with the second ISP.

At the end, be able to used the backup ISP (configured in VPN Profile) and switch the ISP, if principal fails.

Thanks.

3 Replies 3

Hi Rob.

I understand your point. But in my case, I just have one only link/interface/IP to reach both ISP's as the image. Today RAVPN with ISP1 is working, but RAVPN with ISP2 fails.

The goal is get both FQDN's working in the same RAVPN Policy. it's possible this?

 

case.png

@andype but you have 2 FTD interfaces, so a default route via only one of the ISPs?

 

Yes, I just have one route to reach both ISP's. The switch core decides which ISP use if any of those fails.