Solved: FTD with IPSec Site-to-site tunnels from 2 different interfaces

sakoury@dcgroup.com · ‎08-26-2021

Hello,

is it possible with FTD to do with FTD, to have IPSec tunnels from more than one interface ?

We have a firewall connected to a wan router by 3 interfaces (on the wan router each interface is in a different VRF).

We want to create an IPSec tunnel from each of these 3 interfaces.

is it possible ? (we have FMC), I attached a diagram .

thank you

Rob Ingram · ‎08-26-2021

sakoury@dcgroup.com

Well you can only have 1 active default gateway on the FTD. You'd need specific static routes via the other interfaces to the peer you wish to establish a tunnel with.

View solution in original post

Rob Ingram · ‎08-26-2021

sakoury@dcgroup.com no restrictions, you just select the interface when creating the topology in the FMC.

View solution in original post

Rob Ingram · ‎08-26-2021

sakoury@dcgroup.com

Well you can only have 1 active default gateway on the FTD. You'd need specific static routes via the other interfaces to the peer you wish to establish a tunnel with.

sakoury@dcgroup.com · ‎08-26-2021

Hello Rob,

Thanks for your reply, we will add the static routes via other interfaces.

I remember with ASA we had the restrictions of enabling cryptomap on only one interface,

does this limitation exists in FTD ?

Thank you

Rob Ingram · ‎08-26-2021

sakoury@dcgroup.com no restrictions, you just select the interface when creating the topology in the FMC.

sakoury@dcgroup.com · ‎08-26-2021

Thank you Rob, Appreciated