Re: API VPN Configurations

Hkuespert · ‎04-27-2018

Are there any plans to allow VPN tunnel creation through the API? I can't find anything on this subject but have a bulk of VPNs to migrate from ASA. They weren't brought over using the FTD migration tool.

michoudi · ‎04-27-2018

I was looking for this feature too. So far, I haven't seen any mention if or when it might appear. I ended up spending many, many hours manually inputing L2L configurations.

Marvin Rhoads · ‎04-29-2018

FTD and FMC 6.2.3 added several API POST features but unfortunately not the ones needed for site-site VPN configuration.

We expect release 6.3 (~Fall 2018) will have a lot more API-based configuration options, including site-site VPN.

ecgbello07 · ‎01-25-2019

It has been a while since he last post. Any updates if L2L VPN functionality was added to the API in version 6.3?

Rob Ingram · ‎01-25-2019

Hi,

Yes, as per the 6.3 release notes

The FMC REST API supports new objects for site-to-site VPN topology and HA device failover.

New objects for site-to-site VPN topology: ftds2svpns, endpoints, ipsecsettings, advancedsettings, ikesettings, ikev1ipsecproposals, ikev1policies, ikev2ipsecproposals, ikev2policies

HTH

ecgbello07 · ‎01-25-2019

Great! Thanks for the quick reply

timboslice · ‎07-17-2019

Are there any examples/resources out there for importing s2s VPNs? Everything I'm finding is related to objects, which are relatively simple to do.

fiversen · ‎10-15-2019

Can someone give us an example of how to do the script because the example in the API Spec do just give "string" as an example so maybe you could supply us with something more useful.. just a thought :-).

Marvin Rhoads · ‎10-18-2019

The Firepower Migration Tool v2 (due out in the next month or so) will include VPN migration.

fiversen · ‎10-18-2019

Great, thank you :-) because I have an ASA with about 350 L2L tunnels and if I have to configure them via the GUI it'll take me many many many hours. For that reason, I haven't migrated to FTD yet.