FTD Remote Access VPN

Hello,


We have a Cisco FTD 1140. We have configured several outside interfaces: ISP_1, ISP_2, Outside.

We are planning to use the Outside interface as the interface for AnyConnect VPN. But for peering with the ISPs we use the ISP_1 and ISP_2 interfaces. Default routes are configured with IP SLA for redundancy; ISP_1 is primary. The IP range (/29) which we have assigned on the Outside interface is an ISP_1 provider range, which they provide for us. The whole /29 range is ours; the ISP_1 provider just adds a static route on their side with the next hop being our ISP_1 interface. In this scenario, when we would like to connect to AnyConnect, traffic from the Internet will come to the ISP_1 interface and then "jump" to the Outside interface. Will it work? Do I need to take into account, for example, the uRPF check or something else?

Accepted Solutions

Milos_Jovanovic
VIP Alumni

Hi @Irakli Gvishiani,

I believe this should work if you assign all 3 interfaces to the same security zone (which essentially is true - all interfaces are 'outside'). The security zone concept was designed for such cases. From there, you should use this security zone as the relevant object across all your configuration. You can find the relevant guide here.

BR,

Milos
