Firepower 2130 support site to site vpn to google cloud with bgp routing option

Daniel8
Level 1

Does Firepower 2130 support site-to-site VPN to Google Cloud with the BGP routing option? If so, how to do it? Thanks.

6 Replies

Marvin Rhoads
Hall of Fame

Site-site IPsec VPN to third party peers (other vendor devices or public cloud) is supported. It's no different from any other site-site VPN. You just choose "extranet" for the remote peer to indicate it will be set up separately from the FMC-managed device.

BGP is independent of that but is also supported.

I have set up site-site VPNs to unmanaged remote devices and the FTD is using BGP for its external routing. It works fine.

Hi Marvin!

Do you have any example of configuration on the Cisco Firepower 2130 side for the site-to-site VPN with Google Cloud?

Thank you very much in advance!

Greetings,

Site-to-site setups are fairly guided. Things that you will need to consider include the use of IKEv1 (deprecated) or IKEv2, cipher suite (encryption, Diffie-Hellman group, integrity, PFS, etc.).

As IPsec is standardized, here are some recommended settings to meet best practice:

Encryption: AES-256

Integrity: SHA512

DH-Group: minimum 14, but higher is better

IKEv2 over IKEv1

PFS is preferred. 

The Firepower guide can be found here: Site to Site VPN Configuration on FTD Managed by FMC - Cisco

And the Google guide can be found here: Use third-party VPNs  |  Google Cloud

Hope this helps.

Please mark as helpful if this answered your question!
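
As an added example (not part of the thread, and not Cisco's or Google's code), this script checks a crypto configuration against the settings recommended in the reply above. The ASA-style command syntax, the `audit` function and the sample configuration are assumptions constructed for illustration.

```python
import re

# Baseline copied from the settings recommended in the reply above.
MIN_DH_GROUP = 14
RECOMMENDED = {"encryption": {"aes-256"}, "integrity": {"sha512"}, "hash": {"sha512"}}

# Constructed sample in ASA-style syntax (assumed format); peers are RFC 5737 addresses.
SAMPLE_CONFIG = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha512
 group 21
crypto ikev2 policy 20
 encryption aes
 integrity sha256
 group 5
crypto ikev1 policy 30
 encryption 3des
 hash sha
 group 2
crypto map GCP_MAP 10 set peer 203.0.113.10
crypto map GCP_MAP 10 set pfs group14
crypto map GCP_MAP 20 set peer 203.0.113.20
"""

def audit(config):
    """Return findings where the configuration departs from the baseline."""
    findings, section, peers, pfs = [], None, set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        policy = re.match(r"crypto (ikev[12]) policy (\d+)$", line)
        entry = re.match(r"crypto map (\S+) (\d+) set (peer|pfs)\b", line)
        if not raw.startswith(" "):
            section = None  # every top-level command ends the previous policy
        if policy:
            section = f"{policy.group(1)} policy {policy.group(2)}"
            if policy.group(1) == "ikev1":
                findings.append(f"{section}: IKEv1 is deprecated, use IKEv2")
        elif entry:
            (peers if entry.group(3) == "peer" else pfs).add(entry.group(1, 2))
        elif section and line:
            key, *values = line.split()
            for value in values:  # a policy line may list several values
                if key in RECOMMENDED and value not in RECOMMENDED[key]:
                    findings.append(f"{section}: {key} {value} is not the recommended setting")
                elif key == "group" and value.isdigit() and int(value) < MIN_DH_GROUP:
                    findings.append(f"{section}: DH group {value} is below {MIN_DH_GROUP}")
    for name, seq in sorted(peers - pfs):  # map entries with a peer but no PFS
        findings.append(f"crypto map {name} {seq}: peer set but no PFS group")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the second IKEv2 policy, the IKEv1 policy and the crypto map entry without PFS, and leaves the policy that matches the baseline unreported.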

How did you achieve this, route-based or policy-based?

Routing protocols function well with route-based.
