https://community.cisco.com/t5/network-security/firepower-between-asa-and-juniper/m-p/4689842#M1093473 <P>Firepower is setup with ASA behind it. Need to setup IPSec between ASA and Outside/internet JuniperFW. I can see IKE and ISAKMP packets, but no ESP. Is this even possible:-</P><P>Use FMC to traverse IPSEC for an internal ASA</P><P>Any inherent policy in FMC that blocks ESP</P> Mon, 19 Sep 2022 12:52:13 GMT guna.neo 2022-09-19T12:52:13Z https://community.cisco.com/t5/network-security/firepower-between-asa-and-juniper/m-p/4689842#M1093473 <P>Firepower is setup with ASA behind it. Need to setup IPSec between ASA and Outside/internet JuniperFW. I can see IKE and ISAKMP packets, but no ESP. Is this even possible:-</P><P>Use FMC to traverse IPSEC for an internal ASA</P><P>Any inherent policy in FMC that blocks ESP</P> Mon, 19 Sep 2022 12:52:13 GMT https://community.cisco.com/t5/network-security/firepower-between-asa-and-juniper/m-p/4689842#M1093473 guna.neo 2022-09-19T12:52:13Z https://community.cisco.com/t5/network-security/firepower-between-asa-and-juniper/m-p/4689993#M1093482 <P>If your default action in the Firepower Access Control Policy is to Block then the ESP (protocol 50) will be blocked.</P> <P>The typical recommendation for such a use case is to put the source and destination of the IPsec tunnel in a prefilter policy rule with action of Fastpath. That way you skip all other ACP rules and Snort altogether.</P> Mon, 19 Sep 2022 17:02:31 GMT https://community.cisco.com/t5/network-security/firepower-between-asa-and-juniper/m-p/4689993#M1093482 Marvin Rhoads 2022-09-19T17:02:31Z https://community.cisco.com/t5/network-security/firepower-between-asa-and-juniper/m-p/4689994#M1093483 <P>&nbsp;</P> <P>&nbsp;- FYI :&nbsp;<A href="https://supportportal.juniper.net/s/article/Example-Configuring-site-to-site-VPN-between-SRX-and-Cisco-ASA-Route-based-VPN?language=en_US" target="_blank">https://supportportal.juniper.net/s/article/Example-Configuring-site-to-site-VPN-between-SRX-and-Cisco-ASA-Route-based-VPN?language=en_US</A></P> <P>&nbsp; &nbsp; &nbsp;<A href="https://tungdt.net/configure-site2site-vpn-between-juniper-srx-and-cisco-asa-firewalls/" target="_blank">https://tungdt.net/configure-site2site-vpn-between-juniper-srx-and-cisco-asa-firewalls/</A></P> <P>&nbsp;M.</P> <P>&nbsp;</P> Mon, 19 Sep 2022 17:05:16 GMT https://community.cisco.com/t5/network-security/firepower-between-asa-and-juniper/m-p/4689994#M1093483 Mark Elsen 2022-09-19T17:05:16Z