Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
737
Views
0
Helpful
2
Replies

Multi Context FTD Site to Site VPN 9 ( Onprem to Azure )

Go to solution
HAT
Level 1
Level 1

‎10-27-2025 02:01 PM

We have a Multi context FTD3105 running  ASA code version 9.22 and trying to build a site to site VPN  with Azure .  Can you please provide advice on the following ? 

1 )  While trying to build a ROUTE based site to site vpn I  was unable to create the VTI then read  that this was not possible on a FTD running ASA code . Can anyone confirm that ? 

2) What would be the best to implemented inter context communication  when the Azure  site to site vpn  traffic coming on the outside interface of Context A is destined  to a network located in context B ? 

Thank you 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-27-2025 02:09 PM

@HAT Route Based VPN's (VTI) are not supported with Multi context.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa923/configuration/general/asa-923-general-config/ha-contexts.html

RobIngram_0-1761599238765.png

If Azure network needs to communicate with both contexts anyway, why run multi context? What not run a single context and then you can use a route based VPN?

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎10-27-2025 02:09 PM

@HAT Route Based VPN's (VTI) are not supported with Multi context.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa923/configuration/general/asa-923-general-config/ha-contexts.html

RobIngram_0-1761599238765.png

If Azure network needs to communicate with both contexts anyway, why run multi context? What not run a single context and then you can use a route based VPN?

 

0 Helpful

Go to solution
HAT
Level 1
Level 1

‎10-27-2025 02:29 PM

@Rob Ingram  . Thanks for the confirmation . We have implemented multi context in the past in order to meet certain  requirements . Now we would like to ensure that Azure traffic  can reach the networks behind those contexts  . For that I have created a new context where  the VPN traffic will be terminating and would like to use it as a transit for getting to  the other networks . I have read about  routing VPN traffic  through a layer 3 switch but would like to see other options that can achieve  the same results .

Thanks in advance 

 

0 Helpful
Customers Also Viewed These Support Documents