10-18-2023 10:33 PM
Hello,
Is it possible to do a site-to-site VPN between two FTDs managed by the same FMC?
If yes, for each one, do you choose the remote device as "Extranet" or its real name under the drop-down, say under Node B: Device Name, Device?
Your assistance will be appreciated.
Thank you in advance.
10-19-2023 12:11 AM
Choose sysopt permit-vpn.
If this option does not appear, then configure an ACL to permit the VPN traffic.
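The two checks this thread ends on (does the deployed running-config actually carry a crypto map and match ACL for the peer, and is sysopt permit-vpn set or must the access control policy permit the tunnel traffic itself) can be audited offline from "show running-config" output. The script below is an added example, not from this thread or from Cisco; the config excerpt is constructed, using documentation addresses and the CSM_ object names FMC generates.

```python
import re

# Constructed sample of an FTD running-config excerpt (not captured from a real device).
SAMPLE_RUNNING_CONFIG = """\
access-list CSM_IPSEC_ACL_1 extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto map CSM_outside_map 1 match address CSM_IPSEC_ACL_1
crypto map CSM_outside_map 1 set peer 203.0.113.2
crypto map CSM_outside_map 1 set ikev2 ipsec-proposal AES-GCM
crypto map CSM_outside_map interface outside
sysopt connection permit-vpn
"""

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (\S+)")
MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) extended permit ")


def audit_s2s_config(running_config, peer_ip):
    """Report what to verify before trusting a tunnel: a crypto map entry
    pointing at peer_ip, a defined match ACL for it, and whether VPN
    traffic bypasses the interface ACL (sysopt connection permit-vpn)."""
    peers = {}       # (map name, seq) -> peer address
    match_acls = {}  # (map name, seq) -> ACL name
    acls = set()
    sysopt = False
    for line in running_config.splitlines():
        line = line.strip()
        if m := PEER_RE.match(line):
            peers[(m[1], m[2])] = m[3]
        elif m := MATCH_RE.match(line):
            match_acls[(m[1], m[2])] = m[3]
        elif m := ACL_RE.match(line):
            acls.add(m[1])
        elif line == "sysopt connection permit-vpn":
            sysopt = True
    entries = [k for k, ip in peers.items() if ip == peer_ip]
    acl_ok = all(match_acls.get(k) in acls for k in entries)
    return {
        "crypto_map_entries": len(entries),
        "match_acl_defined": bool(entries) and acl_ok,
        "sysopt_permit_vpn": sysopt,
        # Without sysopt, the access control policy itself must permit the tunnel traffic.
        "acp_must_permit_vpn": bool(entries) and not sysopt,
    }


if __name__ == "__main__":
    print(audit_s2s_config(SAMPLE_RUNNING_CONFIG, "203.0.113.2"))
```

Run it against the "show running-config" output of each FTD in the topology, once per peer address, so both sides are checked.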
10-18-2023 10:45 PM
Sure you can.
For Device Name, select the device name, not Extranet.
This is from the Cisco doc:
"Node B is an ASA. Devices that are not managed by the FMC are considered Extranet."
10-18-2023 10:47 PM
I gave the actual names and got a "duplicate" error. Why would this be so?
10-18-2023 10:48 PM
But when I use Extranet, the deployment goes through, but the tunnels don't come up.
10-18-2023 10:51 PM
OK.
Follow this guide: when you edit the endpoint, don't select Extranet; select the FTD name of the peer.
10-18-2023 10:57 PM
10-18-2023 10:58 PM
10-18-2023 11:10 PM
There are two fields:
Device: here you select the FTD.
Device Name: here you add the FTD name of the peer.
10-18-2023 11:26 PM
There is just the Device Name field, where you either choose devices managed by the FMC or Extranet devices.
10-18-2023 11:27 PM
Here:
10-18-2023 11:29 PM
Note that in my case, both my nodes are managed by the same FMC.
10-18-2023 11:37 PM
Both nodes are managed by the same FMC; that's why we must not select Extranet.
Now your config is correct, but I think the FMC sees two VPNs.
Can you start from zero and add a new topology name and, as we agreed, select the FTD for both (name in the Device field)?
10-18-2023 11:47 PM
I deleted one topology, and I no longer get the error.
And surprisingly, when I do "sh run | i [both peer IP addresses]", I am getting entries showing me the presence of the VPN tunnel configured, with crypto maps and ACLs well attached, but still one topology. Yet I have devices; I expected to have two topologies, each respective to its device, having the respective endpoints and protected networks.
10-18-2023 11:44 PM
Should I enable Access control for VPN traffic, or the sysopt permit-vpn option?