10-04-2020 01:02 AM - edited 10-04-2020 01:02 AM
Hi Tech guys,
In my Internet edge deployment, my FTD (21110) is behind the ASR1000 router (Internet gateway). I want to allow AnyConnect VPN clients to establish a VPN connection to the FTD via NAT configured on the ASR1000. From the firewall perspective, is there any special configuration on Firepower, e.g. related to NAT/PAT, to access the local LAN subnets from the Internet? The AnyConnect VPN configuration will be done on the FTD.
Thanks in advance
10-04-2020 01:06 AM
Steps:
1. You need NAT on the ASR 1000 from the public IP to the private IP (allocated on the FTD).
2. Follow the guide below for RA VPN.
3. You need to have an ACP/ACL in place for whatever resources the VPN subnet requires access to.
Hope that makes sense?
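An added example of what step 1 can look like on the ASR1000 (IOS-XE); it is not from this thread or from Cisco's guide, and the interface names and addresses (public 203.0.113.10 on the Internet uplink, 10.0.0.2 as the FTD outside interface) are constructed placeholders:

```cisco
! Constructed example: addresses and interface names are placeholders, not from the thread
!   203.0.113.10 = public IP on the ASR1000 Internet-facing interface
!   10.0.0.2     = FTD outside interface (private, sits behind the ASR1000)
!
interface GigabitEthernet0/0/0
 description Internet uplink
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/0/1
 description Link to FTD outside interface
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
! Forward only the ports the RA VPN needs rather than the whole public IP:
!   AnyConnect SSL  = TCP 443
!   AnyConnect DTLS = UDP 443
ip nat inside source static tcp 10.0.0.2 443 203.0.113.10 443 extendable
ip nat inside source static udp 10.0.0.2 443 203.0.113.10 443 extendable
!
! Add these two lines only if IKEv2/IPsec clients are also terminated on the FTD
! (IKE = UDP 500, NAT-T = UDP 4500)
ip nat inside source static udp 10.0.0.2 500 203.0.113.10 500 extendable
ip nat inside source static udp 10.0.0.2 4500 203.0.113.10 4500 extendable
!
! If the same public IP is also used for outbound PAT (ip nat inside source list ... overload),
! the static port entries above take precedence for the listed ports; the dynamic pool
! keeps handling everything else.
!
! Verification after a client connects: the entry for 10.0.0.2:443 should show
! the client's public source address.
!   show ip nat translations | include 203.0.113.10:443
```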
10-04-2020 01:33 AM
Thanks balaje for your reply.
1. You need NAT on the ASR 1000 from the public IP to the private IP (allocated on the FTD).
The NAT ACL on the ASR1K will include the FTD outside IP address, which makes sense.
2. Follow the guide below for RA VPN.
I have FMC; the concept will be the same.
3. You need to have an ACP/ACL in place for whatever resources the VPN subnet requires access to.
Yes, correct. Access to the service VLAN in the DMZ.
SSL Certificate
We can generate a self-signed certificate and map this certificate to our domain (e.g. vpn.cisco.com) on the FTD, as shown in the guide.
Thanks in advance.
10-04-2020 05:40 AM
SSL Certificate
We can generate a self-signed certificate and map this certificate to our domain (e.g. vpn.cisco.com) on the FTD, as shown in the guide.
BB - if this is external, I would advise having a CA sign it (like GoDaddy or DigiCert).