Site to Site VPN Design Question

dcanady55
Level 3

Hello,

FTD 2110 running 7.4.1.1

I am wondering if the following is possible:

Current setup:

  • Datacenter A has two FTDs in HA with an existing internet connection.
  • Datacenter B has two FTDs in HA with an existing internet connection.

We already have failover if Datacenter A goes down and we need to use Datacenter B’s internet. However, we have a lot of resources at Datacenter A that users need when Datacenter A goes down. Is it possible to bring in another internet connection at Datacenter A and create a site-to-site VPN tunnel between the FTDs at Datacenter A and Datacenter B? If Datacenter A goes down, traffic would route to Datacenter B for internet access, but if users need to access local resources, we could send them across the site-to-site tunnel. I’ve created a site-to-site VPN between Datacenter A and Datacenter B before, testing out other ideas, but I was using those locations’ existing outside interface and internet.

Thanks for any feedback

1 Accepted Solution

Accepted Solutions

@dcanady55 Yes, you could configure a VPN between DC A and DC B; user traffic is routed from the branches to DC B and onwards to DC A via the other VPN.

5 Replies

Thanks Rob. I will accept this as a solution and if I have any issues will report back on this thread for others to learn. 

If DC-A is down, how is the VPN still up?

You need a DC interconnect, and do not need a VPN, to forward traffic from DC-A to DC-B.

MHM

I could be misinterpreting your question, MHM, but the overall location A is fine; however, if our internet goes down, the WAN also goes down, as they're riding the same fiber. So, instead of enacting a full-blown DR failover at B, if it's only going to be a few hours, it might be easier for us to bring in a cheap internet connection at A using another provider and then run this site-to-site from B to A so that users can get to those local resources at A. Sounds like that's doable according to Rob, so thanks for the feedback.

So you will have a second ISP in each site, and that solves the issue, not the VPN.

MHM