Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
2
Replies

FTD site-to-site vpn

S891
Level 2
Level 2

‎02-16-2023 07:58 AM

Hi there,

Is it a requirement that changes to allowed vpn  traffic prefixes be done at same time on both ends? Would it create trouble with other vpn traffic considering that change is for only new networks being added as interesting traffic.

 

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎02-16-2023 08:02 AM - edited ‎02-16-2023 08:13 AM

@S891 no thats fine (assuming you are adding additional ACE to the existing ACL), it'll just mean the VPN won't work for those new networks until both sides are configured.

0 Helpful

MHM Cisco World
VIP
VIP

‎02-16-2023 08:06 AM - edited ‎02-16-2023 08:07 AM

use object-group 
and when there is new subnet then only add it subnet to object-group, if that what you ask for.
if you ask about the ACL use by IPsec policy then it should MIRROR in both side. 

here there are two ACL. 
one for allow traffic 
other for IPsec Policy 

0 Helpful
Customers Also Viewed These Support Documents