03-09-2020 08:12 AM
If I want to build a new tunnel to a remote site that is part of a summary to another site, will the FTD appliance still accept the commands or will it fail? Meaning if I have a crypto map with permit acl to 10.50.0.0/16 and also want to define a more specific subnet to another endpoint, such as 10.50.100.0/24, will the system allow me to do that or do I have to delete the tunnels and add the more specific subnets?
03-09-2020 10:53 AM
If you are trying to modify a crypto map, you should be OK to do it.
03-09-2020 10:59 AM
No I am trying to create a new crypto map to a different endpoint that has a more specific subnet.
03-14-2020 01:18 AM
Hi
If you're building the tunnel on the same interface, it will be the same crypto map, just a different entry. Though I haven't yet implemented this exact setup on the FTD (with a remote protected network as a member of another remote protected network), it needs to work. Worst case, it's going to work via FlexConfig.
Regards,
Cristian Matei.
03-14-2020 05:20 AM
I tried adding the /24 but it did not work. I ended up rebuilding the site with the /16 to more specific networks (not including the /24). Just tried to take a shortcut as there was obvious downtime.
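The reason the "different entry in the same crypto map" answer above is only half the story is the way a crypto map is evaluated: on an ASA-style configuration (which is what the FTD builds underneath an FMC site-to-site policy) entries are walked in ascending sequence-number order and the first crypto ACL that matches a flow selects the peer. If the 10.50.0.0/16 summary sits at a lower sequence number than the 10.50.100.0/24 entry, the /24 entry is shadowed and traffic for 10.50.100.0/24 keeps going to the summary's peer, which looks exactly like "adding the /24 did not work". The following script is an added illustration, not code from the thread or from Cisco: it models that first-match walk, shows both orderings, and flags entries that can never match. The local network 192.168.1.0/24 and the peer addresses 203.0.113.1 / 203.0.113.2 are constructed values.

```python
"""Model of crypto map entry selection: entries are walked in ascending
sequence-number order and the first crypto ACL match wins, so a more
specific remote subnet must sit at a lower sequence number than the
summary that contains it.  Peers and local network are constructed for
illustration, not taken from the thread."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class CryptoMapEntry:
    seq: int          # crypto map sequence number
    peer: str         # remote VPN peer address (hypothetical)
    local: str        # local protected network, as in the crypto ACL
    remote: str       # remote protected network, as in the crypto ACL


def select_entry(entries, src, dst):
    """Return the entry whose ACL matches src->dst, walking the map in
    ascending sequence order; None means the flow is not VPN traffic."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in sorted(entries, key=lambda e: e.seq):
        if s in ipaddress.ip_network(e.local) and d in ipaddress.ip_network(e.remote):
            return e
    return None


def shadowed_entries(entries):
    """Sequence numbers of entries that can never match because an entry
    with a lower sequence number already covers their protected networks."""
    ordered = sorted(entries, key=lambda e: e.seq)
    shadowed = []
    for i, later in enumerate(ordered):
        l_net = ipaddress.ip_network(later.local)
        r_net = ipaddress.ip_network(later.remote)
        for earlier in ordered[:i]:
            if (l_net.subnet_of(ipaddress.ip_network(earlier.local))
                    and r_net.subnet_of(ipaddress.ip_network(earlier.remote))):
                shadowed.append(later.seq)
                break
    return shadowed


# Constructed example: summary /16 to peer A, more specific /24 to peer B.
LOCAL = "192.168.1.0/24"
PEER_A, PEER_B = "203.0.113.1", "203.0.113.2"

# Wrong order: the /16 summary is evaluated first and swallows the /24.
SHADOWED = [
    CryptoMapEntry(10, PEER_A, LOCAL, "10.50.0.0/16"),
    CryptoMapEntry(20, PEER_B, LOCAL, "10.50.100.0/24"),
]

# Correct order: the /24 is evaluated before the /16 that contains it.
ORDERED = [
    CryptoMapEntry(10, PEER_B, LOCAL, "10.50.100.0/24"),
    CryptoMapEntry(20, PEER_A, LOCAL, "10.50.0.0/16"),
]

if __name__ == "__main__":
    for name, cmap in (("shadowed", SHADOWED), ("ordered", ORDERED)):
        hit = select_entry(cmap, "192.168.1.10", "10.50.100.5")
        print(f"{name}: 10.50.100.5 -> seq {hit.seq} peer {hit.peer}; "
              f"unreachable entries: {shadowed_entries(cmap)}")
```

In practice this is the check to run before touching production: list the crypto map with `show running-config crypto map` (or `show crypto map` from the FTD CLI), confirm that the sequence number FMC assigned to the new /24 tunnel is lower than the one carrying the /16 summary, and if it is not, the ordering has to be forced (FlexConfig is the lever the thread mentions) or the summary split into non-overlapping networks, which is the route the original poster eventually took.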