08-19-2021 04:02 AM
Hello,
We have a Cisco FTD 1140. We have configured several outside interfaces: ISP_1, ISP_2, Outside.
We are planning to use the Outside interface as the interface for AnyConnect VPN, but for peering with the ISPs we use the ISP_1 and ISP_2 interfaces. Default routes with IP SLA are configured for redundancy; ISP_1 is primary. The IP range (/29) which we have assigned on the Outside interface is an ISP_1 provider range, which they provide for us. The whole /29 range is ours; the ISP_1 provider just adds a static route on their side with next hop our ISP_1 interface. In this scenario, when we would like to connect to AnyConnect, traffic from the Internet will come to the ISP_1 interface and then "jump" to the Outside interface. Will it work? Do I need to take into account, for example, the uRPF check or something else?
08-19-2021 01:12 PM
I believe this should work if you assign all 3 interfaces to the same security zone (which essentially is true - all interfaces are 'outside'). The security zone concept was designed for such cases. From there, you should use this security zone as the relevant object across all your configuration. You can find the relevant guide here.
BR,
Milos