03-09-2020 08:12 AM
If I want to build a new tunnel to a remote site that is part of a summary to another site, will the FTD appliance still accept the commands or will it fail? Meaning if I have a crypto map with permit acl to 10.50.0.0/16 and also want to define a more specific subnet to another endpoint, such as 10.50.100.0/24, will the system allow me to do that or do I have to delete the tunnels and add the more specific subnets?
03-09-2020 10:53 AM
If you are trying to modify a crypto map, you should be OK to do it.
03-09-2020 10:59 AM
No I am trying to create a new crypto map to a different endpoint that has a more specific subnet.
03-14-2020 01:18 AM
Hi
If you're building the tunnel on the same interface, it will be the same crypto map, just a different entry. Though I didn't yet implement this exact setup on the FTD (with a remote protected network as a member of another remote protected network), it needs to work. Worst case, it's gonna work via FlexConfig.
Regards,
Cristian Matei.
03-14-2020 05:20 AM
I tried adding the /24 but it did not work. I ended up rebuilding the site with the /16 to more specific networks (not including the /24). Just tried to take a shortcut as there was obvious downtime.
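An added illustration of the point discussed in this thread, not code from any of the posters or from Cisco: a small Python model of how crypto map entries are evaluated, in ascending sequence-number order with the first matching ACL winning, so that a broader /16 entry evaluated before a more specific /24 entry to another peer shadows it. The peer labels, sequence numbers and local subnet are constructed, and each entry's ACL is simplified to one `permit ip <local> <remote>` pair per tuple.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class CryptoMapEntry:
    """One crypto map entry: sequence number, peer and its protected-network pairs."""
    seq: int
    peer: str
    protected: list  # constructed: list of (local_net, remote_net), one per ACL permit line


def select_entry(entries, src_ip, dst_ip):
    """Return the crypto map entry that would protect a flow, or None.

    Entries are checked in ascending sequence order; the first ACL match wins,
    so a later, more specific entry is never reached for traffic that an
    earlier, broader entry already covers.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for entry in sorted(entries, key=lambda e: e.seq):
        for local_net, remote_net in entry.protected:
            if src in ipaddress.ip_network(local_net) and dst in ipaddress.ip_network(remote_net):
                return entry
    return None


# Constructed example modelled on the thread: existing tunnel to peer A protecting
# 10.50.0.0/16, and a new tunnel to peer B for the more specific 10.50.100.0/24.
LOCAL = "192.168.1.0/24"
EXISTING = CryptoMapEntry(seq=10, peer="PEER_A", protected=[(LOCAL, "10.50.0.0/16")])


def wrong_order():
    """/24 appended after the /16: the /16 entry still shadows it."""
    new = CryptoMapEntry(seq=20, peer="PEER_B", protected=[(LOCAL, "10.50.100.0/24")])
    return select_entry([EXISTING, new], "192.168.1.10", "10.50.100.5").peer


def right_order():
    """/24 given a lower sequence number so it is evaluated before the /16."""
    new = CryptoMapEntry(seq=5, peer="PEER_B", protected=[(LOCAL, "10.50.100.0/24")])
    return select_entry([EXISTING, new], "192.168.1.10", "10.50.100.5").peer


def rest_of_summary():
    """Traffic to the rest of the /16 still goes to peer A whatever the order."""
    new = CryptoMapEntry(seq=5, peer="PEER_B", protected=[(LOCAL, "10.50.100.0/24")])
    return select_entry([EXISTING, new], "192.168.1.10", "10.50.1.5").peer


if __name__ == "__main__":
    print(wrong_order(), right_order(), rest_of_summary())
```

The model only shows why ordering matters; on FTD the sequence numbers are generated by the management center from the site-to-site topology rather than typed by hand.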