Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1053
Views
0
Helpful
8
Replies

I have 2 ISP connection how can i let the VPN use both.

Go to solution
HaniAbuelkhair6735
Level 1
Level 1

‎01-18-2021 05:22 AM

I have 2 ISP connection WAN-1 and WAN-2 on my FP1010

how can i let the anyconnect VPN users use both ISP connection when they connect to VPN as my original configuration was for one WAN and we just added the 2nd.

is Dynamic DNS an option ? but could not find that on my FP1010 v6.6

Please give me an ideas if you can

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to HaniAbuelkhair6735

‎01-18-2021 11:29 AM - edited ‎01-18-2021 11:46 AM

@HaniAbuelkhair6735 If using FDM to manage the FTD you cannot enable RAVPN on more than 1 interface.

 

It is possible to enable ISP failover (of the default route) using IP SLA.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Rob Ingram
VIP
VIP

‎01-18-2021 06:14 AM

@HaniAbuelkhair6735 

You can't have them both active at the same time. However you could use IP SLA to failover the default route to the WAN-2 connection in the event WAN-1 fails. You'd rely on the anyconnect profile on the client computers configured accordingly.

0 Helpful

Go to solution
HaniAbuelkhair6735
Level 1
Level 1
In response to Rob Ingram

‎01-18-2021 10:54 AM

Thanks @Rob Ingram for the update

But i was asking Cisco about this and the update was we cant do this if i am using (FDM/Onbox management) 

This is only possible using FMC which i don't have i only manage my FP1010 uisng the FMD local management 

 

All what i need is a failover between both ISP connection WAN-1, and WAN-2 

Please advise 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to HaniAbuelkhair6735

‎01-18-2021 11:29 AM - edited ‎01-18-2021 11:46 AM

@HaniAbuelkhair6735 If using FDM to manage the FTD you cannot enable RAVPN on more than 1 interface.

 

It is possible to enable ISP failover (of the default route) using IP SLA.

0 Helpful

Go to solution
HaniAbuelkhair6735
Level 1
Level 1
In response to Rob Ingram

‎01-18-2021 12:19 PM

@Rob Ingram 

Can i do failover between both ISP ? but not for RAVPN ?

If yes can you please share how as i can see SLA monitor on my box 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to HaniAbuelkhair6735

‎01-18-2021 12:26 PM

Yes you can failover the default route between the 2 ISP connections. Enable the IP SLA (supported from FDM v6.5) under the static route, e.g.

 

sla.PNG

 

You can only configure RAVPN on one interface when using FDM.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-18-2021 09:23 AM

At a time both the ISP not possible, you can do failover.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
HaniAbuelkhair6735
Level 1
Level 1
In response to balaji.bandi

‎01-18-2021 10:54 AM

Thanks @balaji.bandi 

 

But i was asking Cisco about this and the update was we cant do this if i am using (FDM/Onbox management) 

This is only possible using FMC which i don't have i only manage my FP1010 uisng the FMD local management 

 

All what i need is a failover between both ISP connection WAN-1, and WAN-2 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-18-2021 02:32 PM

I know FDM has limited features, only to manage certain features, For full working featured cisco suggesting FMC requirement.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents