FTD Site to Site VPN with ASA

Captions
Hi, welcome to the Firepower Threat Defense training video series. I'm Nanda. In this video we'll look at establishing a site-to-site VPN between FTD and ASA. This FTD will be managed through Firepower Management Center. Let's see. This is the topology that I'm going to use to demonstrate. I have FTD, which is running on the Firepower 2130 platform; the FTD version is 6.2.1, and it is managed by a virtual FMC, which is again 6.2.1. On the other side I have ASA, which is 9.8.2, running on Firepower 2110. I have two Windows hosts, one on either side of the network. We will try to establish a tunnel between ASA and Firepower Threat Defense. All the interface policies have already been configured on both FTD and ASA. In this video I'm going to just show you how to configure the site-to-site VPN on FMC, then the subsequent configuration on the ASA, and then do a test.

So, for this Firepower 2130 which is running 6.2.1, you can go to Devices, and under Devices we have Site to Site VPN. Select Add VPN, Firepower Threat Defense. Since it's going to be site to site, that is point-to-point, I'm going to use this point-to-point topology. You have to name the topology: point-to-point. For IKE version we can use both or either one; I'm going to use IKEv2. On Node A I'm going to say that it is this Firepower Threat Defense, that is the 2130, and then select the interface that is going to participate in the VPN, that is outside, and it is going to list the IP address which is on the outside interface, which is 192.168.10.1. I'm going to use a pre-shared key, so I'm not going to use a certificate map. Then connection type: I'm going to use bidirectional, that is, it can be the initiator as well as the responder. Then define the protected network, that is the inside network. I already have a network object, inside-NW, which has the value 172.16.10.0. I select it and add it. We have configured one endpoint, that is FTD. For Node B, that is the peer network, I need to define the peer device, that is ASA. Since ASA is not managed by Firepower Management Center, I'm going to use Extranet. So use this option, Extranet, and then you can give a friendly name; I'm going to call it ASA. Then the peer IP address: this is 192.168.10.x, as you can see here, 192.168.10.3. Then I have to tell it what the protected network behind the ASA is, for which I already have an object, remote network, which I have already created; that is 172.16.11.0. So we are done with adding the VPN devices that are going to participate. Next I need to change the authentication; that is, I have to use a pre-shared key here. By default FMC always points to a pre-shared key which is auto-generated; that is, if all the participant devices are within this FMC, the FMC is going to generate the pre-shared key on its own and then apply that pre-shared key to all the devices. Since here we have ASA, which is not managed by the Firepower Management Center, I'm going to use a manual pre-shared key and set the password myself. The policy I'm going to leave as default; if you want, you can change it. Save the policy.

The next thing that you have to keep in mind is that you have to either create an access control policy rule or a pre-filter rule to allow this VPN traffic. So I have a pre-filter policy. In the policy I have a rule which says permit any any. If you want to be very specific, you can be very specific to the VPN devices; let's see, also add the networks: the source will be the remote network and the destination will be your inside network, and if you want other inspection, for the application or URL, you can enforce it. I'm going to leave this as it is and then apply this policy. If this box has a NAT policy, you might have to create an identity NAT for this. We have a NAT policy, but I don't see any NAT rule, so we don't have to create any identity NAT for this VPN. But if you have any NAT configured on this box, it is advised to create an identity NAT for the VPN traffic. So let's go and deploy this policy to the FTD.

On the ASA I don't have a configuration right now; I'm going to go and configure the ASA. I already have the configuration that is required on the ASA; for your reference I'm going to keep this configuration in the video description, and you can use it as your reference. First the IKEv2 policy, then the crypto IPsec proposal, then the tunnel-group. So we have done the configuration on the ASA. Let's check if FMC has completed deploying the policy. Deployment is completed. You can verify the configuration on the FTD using show commands; you can verify all of this policy configuration on the FTD.

So let's generate some traffic and verify if traffic is passing through the device. This is a host on the inside network. I'm going to test by trying to reach the host on the ASA side, pinging the host IP. So the tunnel is established. Let's go and verify on the devices. On the ASA I can run the show command, and I can see the tunnel is up between 192.168.10.3 and 192.168.10.1, which is FTD, and the participant networks are 172.16.11.0 and 172.16.10.0. You can verify with the IPsec SA as well; we can see both directions. Similarly you can verify it on the FTD with the same commands; the tunnel is up. With this we have come to the end of this video. See you soon in the next video with more options. Thank you, bye bye.
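The ASA-side configuration the speaker refers to lives in the video description, not on this page. What follows is an added example written for this page, not the author's configuration: a minimal ASA 9.8 site-to-site IKEv2 setup for the ASA end of the tunnel shown in the video, using the addressing named in the captions (ASA outside 192.168.10.3, FTD outside 192.168.10.1, ASA-side LAN 172.16.11.0/24, FTD-side LAN 172.16.10.0/24). The IKEv2 policy and IPsec proposal values, the object and map names, and the pre-shared key placeholder are assumptions; the proposal values in particular must match whatever IKEv2 and IPsec policy FMC deployed to the FTD, so check them against the FMC topology rather than copying them.

```cisco
! Added example, not the video's own config. Addressing taken from the video;
! crypto parameters, names and the key are assumed and must match the FMC policy.

crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400

crypto ikev2 enable outside

crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256

object network INSIDE-NW
 subnet 172.16.11.0 255.255.255.0
object network REMOTE-NW
 subnet 172.16.10.0 255.255.255.0

! Interesting traffic: ASA-side LAN to FTD-side LAN
access-list S2S-FTD extended permit ip object INSIDE-NW object REMOTE-NW

! Identity (twice) NAT so VPN traffic is not translated by an interface NAT rule
nat (inside,outside) source static INSIDE-NW INSIDE-NW destination static REMOTE-NW REMOTE-NW no-proxy-arp route-lookup

crypto map OUTSIDE-MAP 10 match address S2S-FTD
crypto map OUTSIDE-MAP 10 set peer 192.168.10.1
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE-MAP interface outside

! Peer is identified by its outside address; both directions use the same manual PSK
tunnel-group 192.168.10.1 type ipsec-l2l
tunnel-group 192.168.10.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key REPLACE-WITH-THE-KEY-SET-IN-FMC
 ikev2 local-authentication pre-shared-key REPLACE-WITH-THE-KEY-SET-IN-FMC

! Verification after generating traffic between the two hosts
show crypto ikev2 sa
show crypto ipsec sa peer 192.168.10.1
```

Two checks a practitioner would add to the walkthrough: on the ASA, `sysopt connection permit-vpn` is on by default, so decrypted VPN traffic bypasses the outside interface ACL; if it has been disabled, the interface ACL must explicitly permit 172.16.10.0/24 to 172.16.11.0/24. On the FTD side, the same identity NAT advice applies as the speaker says: if any NAT rule covers the inside network, add an identity NAT rule in FMC above it for the VPN traffic, or the crypto ACL will never match the translated source. `show crypto ikev2 sa` should list the two outside addresses and `show crypto ipsec sa` should show the two protected subnets as the local and remote identities, with both encaps and decaps counters increasing.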
Info
Channel: Securing Networks with Cisco Firepower Threat Defense
Views: 8,581
Keywords: IPSec VPN, FTD, S2S VPN on FTD, Configuring IPSec VPN on Firepower Threat Defense
Id: k_hEtQaCto8
Length: 9min 57sec (597 seconds)
Published: Wed Oct 25 2017