This document describes how to configure a Route-based Site to Site VPN tunnel on a Firepower Threat Defense (FTD) managed by a Firepower Management Center (FMC).

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

- Basic understanding of how a VPN tunnel works.
- Understand how to navigate through the FMC.

The information in this document is based on these software versions:

- Cisco Firepower Management Center (FMC) version 6.7.0.
- Cisco Firepower Threat Defense (FTD) version 6.7.0.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

With a route-based VPN, the interesting traffic to be encrypted or sent over the VPN tunnel is determined by traffic routing, instead of by a policy/access list as in policy-based or crypto-map-based VPN. The encryption domain is set to allow any traffic which enters the IPsec tunnel. IPsec local and remote traffic selectors are set to 0.0.0.0/0.0.0.0. This means that any traffic routed into the IPsec tunnel is encrypted regardless of the source/destination subnet.

These are known limitations and restrictions for Route Based tunnels on FTD:

- Only IPv4 is supported for interfaces, protected networks, and VPN payload (no support for IPv6).
- Only static routing and the BGP dynamic routing protocol are supported for VTI interfaces that classify traffic for VPN (no support for other protocols such as OSPF, RIP, and so on).
- Only 100 VTIs are supported per interface.
- VTI is not supported in these policies:
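
Added example (not part of the Cisco document): a small Python model of the route-based selection described above, comparing a crypto-ACL decision with a routing-table decision for the same flows. The addresses, the routes and the interface name vti0 are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the Cisco document).
# Policy-based VPN: a crypto ACL lists the (source, destination) pairs to encrypt.
CRYPTO_ACL = [("10.1.1.0/24", "10.2.2.0/24")]

# Route-based VPN: the routing table decides; "vti0" is a hypothetical tunnel interface.
ROUTES = [
    ("0.0.0.0/0", "outside"),
    ("10.2.2.0/24", "vti0"),
    ("10.3.0.0/16", "vti0"),  # e.g. a prefix learned over BGP
]
TUNNEL_INTERFACES = {"vti0"}


def policy_based_encrypts(src, dst, acl=CRYPTO_ACL):
    """True only when both source and destination match one crypto ACL entry."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in acl)


def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match on the destination only, like a forwarding lookup."""
    d = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if d in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def route_based_encrypts(src, dst, routes=ROUTES):
    """Selectors are 0.0.0.0/0 on both sides, so the source is never consulted:
    whatever the route lookup sends to the tunnel interface is encrypted."""
    return egress_interface(dst, routes) in TUNNEL_INTERFACES


def audit(flows):
    """Return flows that route-based VPN encrypts but the crypto ACL would not."""
    return [(s, d) for s, d in flows
            if route_based_encrypts(s, d) and not policy_based_encrypts(s, d)]


if __name__ == "__main__":
    flows = [("10.1.1.5", "10.2.2.9"), ("192.168.50.7", "10.2.2.9"),
             ("10.1.1.5", "10.3.4.4"), ("10.1.1.5", "8.8.8.8")]
    for flow in audit(flows):
        print("in tunnel by routing only:", flow)
```

The flows returned by audit() enter the tunnel purely because of a route, so the tunnel's selectors do not filter them and any restriction on them has to come from an explicit access rule.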