Cisco FTD Site to Site IPSec VPN with FMC

Cisco Firepower Threat Defense (FTD) Site-to-Site IPSec VPN with Firepower Management Center (FMC) allows secure communication between two or more networks over the internet by encrypting traffic. FMC is used to centrally manage and configure the VPN settings on FTD devices, providing a user-friendly interface to set up encryption policies, authentication, and network parameters for the VPN tunnels.

Configuring IPsec VPN

On FMC » Devices » Site to Site VPN, create a New VPN Topology using a Virtual Tunnel Interface (VTI).

The rest of the configuration can be left at the defaults.

Configuring Policy

Next, configure the policy on both nodes to allow traffic going in and out of the VTI.

Configuring PBR

After that, we configure routes that forward traffic destined for the subnets behind the other node into the tunnel. First, create an Extended ACL matching that traffic on Object » Object Management » Access List.

Now on Devices » Routing, we can add a PBR that matches the ACL and routes the traffic to the VTI of the other node. This is configured on both Node A and Node B, each pointing at the other node's VTI.

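The GUI steps above are deployed to the FTD as ASA-style configuration. The following is an added illustration, not from the original post or from Cisco's documentation, of what the VTI, Extended ACL and PBR look like in the running-config of Node A; interface names, the 10.10.10.0/24 (behind Node A) and 10.20.20.0/24 (behind Node B) subnets, tunnel addresses, peer IPs and object names are constructed placeholders.

```cisco
! Constructed example of the running-config FMC deploys for the steps above (Node A).
! Names, addresses and subnets are placeholders, not values from the post.

! Virtual Tunnel Interface created by the Site-to-Site VPN topology
interface Tunnel1
 nameif vti-node-b
 ip address 169.254.10.1 255.255.255.252
 tunnel source interface outside
 tunnel destination 198.51.100.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile FMC_IPSEC_PROFILE

! Extended ACL from Object Management: LAN behind Node A to LAN behind Node B
access-list PBR_TO_NODE_B extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

! Policy Based Routing: match the ACL and send the traffic out the VTI
route-map FMC_PBR_NODE_A permit 5
 match ip address PBR_TO_NODE_B
 set interface vti-node-b

! PBR is applied on the ingress (LAN-facing) interface of Node A
interface GigabitEthernet0/1
 nameif inside
 policy-route route-map FMC_PBR_NODE_A
```

Node B mirrors this with the subnets and peer addresses swapped. On the FTD CLI, `show running-config route-map` and `show interface Tunnel1` confirm what was actually deployed before moving on to validation.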

Validating VPN

After deploying the configuration, we can see the VPN is now up.

On the device's Interfaces, we can see that a new Tunnel Interface has been created.

Now both subnets can reach each other through the VPN.

On Analysis » Events, we can see the traffic flowing between the two nodes.

On Overview » Site to Site VPN, we can see the overall status of the VPN.

This post is licensed under CC BY 4.0 by the author.