Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
298
Views
1
Helpful
3
Replies

Setup EIGRP/OSPF on dvti and svti

Cisco-User500
Level 1
Level 1

‎02-25-2025 09:14 PM

Hello All,

I am replacing an ASA with an FTD managed by FMC at the main site. I have some FTDs , at remote sites, managed through FDM and the rest through FMC. I was able to setup S2S tunnel using dvti to all the FTD managed through FMC and was able to configure EIGRP and BFP over dvti. 

I tried adding the FTDs managed through FDM to the dvti and got the tunnel to establish but cannot get BGP, OSPF or EIGRP to work and had same result, except for BGP, with SVTI between the main FTD and the remote ones (managed by FDM). Does anyone know if BGP or EIGRP is supported on dvti from an FTD managed by FMC to and FTD managed by FDM?

I have over 30 FTDs and would hate to do svti and static routes.

I am running FMC and FTD ver 7.4.2.1

I opened a case with TAC but they were no help. They even stated that eigrp is not supported over dvti when Cisco documentation

clearly says otherwise.

Thanks for your help

 

 

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎02-25-2025 10:35 PM

@Cisco-User500

FDM only supports BGP on the VTI - https://www.cisco.com/c/en/us/td/docs/security/firepower/740/fdm/fptd-fdm-config-guide-740/fptd-fdm-s2svpn.html - "Only the BGP routing protocol is supported over the VTI."

FMC supports BGP, EIGRP and OSPF - https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/vpn-s2s.html

Any reason why you cannot use FMC to manage all the FTD's instead of using local management with FDM? You'd then have simplified the management and can run the dynamic routing protocol of your choice.

 

Cisco-User500
Level 1
Level 1
In response to Rob Ingram

‎02-27-2025 01:41 PM

Hi Rob and thanks for your response,

When we got these FTDs 5 years ago, I never felt comfortable plugging the management interface into public internet. I opted for FDM management as these sites were connected through S2S vpn. I may start bringing some of them to the FMC but that s going to take a while.

 

0 Helpful

Rob Ingram
VIP
VIP
In response to Cisco-User500

‎02-27-2025 09:33 PM

@Cisco-User500 FYI, on newer FTD versions you can use the data interface for mgmt, so no need to connect the mgmt interface to the internet. The communication over the internet is secure.

0 Helpful
Customers Also Viewed These Support Documents