Firepower between ASA and Juniper.

guna.neo (Level 1)

Firepower is set up with ASA behind it. Need to set up IPsec between ASA and outside/internet Juniper FW. I can see IKE and ISAKMP packets, but no ESP. Is this even possible:

Use FMC to traverse IPsec for an internal ASA

Any inherent policy in FMC that blocks ESP

2 Replies

Marvin Rhoads (Hall of Fame)

If your default action in the Firepower Access Control Policy is to Block, then the ESP (protocol 50) will be blocked.

The typical recommendation for such a use case is to put the source and destination of the IPsec tunnel in a prefilter policy rule with action of Fastpath. That way you skip all other ACP rules and Snort altogether.
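The evaluation order behind that advice, as an added example that is not code from the thread or from Cisco: a small Python model of how FTD runs the prefilter policy ahead of the Access Control Policy, fed with constructed tunnel traffic (IKE on UDP/500, NAT-T on UDP/4500, and ESP as IP protocol 50) in both directions. The "broken" policy permits only IKE in the ACP with a Block default action, which is exactly the symptom in the question (IKE visible, ESP gone); the "fixed" policy adds a Fastpath prefilter rule for the two endpoints. The addresses and rule names are assumptions for illustration.

```python
"""Added example, not code from the thread: a model of how Firepower Threat
Defense evaluates a prefilter policy before the Access Control Policy (ACP).
It shows why ESP (IP protocol 50) vanishes when the ACP default action is
Block and only IKE is permitted, and how a Fastpath prefilter rule for the
two tunnel endpoints fixes it. Addresses and rule names are assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

UDP, ESP = 17, 50                 # IP protocol numbers
IKE_PORT, NAT_T_PORT = 500, 4500  # IKE/ISAKMP and NAT-T

ASA = "203.0.113.10"       # assumed: outside address of the ASA behind FTD
JUNIPER = "198.51.100.20"  # assumed: Juniper SRX on the internet side


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int | None = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # prefilter: fastpath|block|analyze; ACP: allow|block
    src: tuple = ("0.0.0.0/0",)      # source networks, any by default
    dst: tuple = ("0.0.0.0/0",)      # destination networks, any by default
    protos: frozenset = frozenset()  # empty = any protocol
    dports: frozenset = frozenset()  # empty = any port

    def matches(self, p: Packet) -> bool:
        return (any(ip_address(p.src) in ip_network(n) for n in self.src)
                and any(ip_address(p.dst) in ip_network(n) for n in self.dst)
                and (not self.protos or p.proto in self.protos)
                and (not self.dports or p.dport in self.dports))


@dataclass
class Policy:
    prefilter: list = field(default_factory=list)
    acp: list = field(default_factory=list)
    acp_default: str = "block"


def evaluate(policy: Policy, p: Packet) -> tuple[str, str]:
    """Return (verdict, rule name). Prefilter rules run first: Fastpath and
    Block are final and never reach Snort, Analyze falls through to the ACP
    rules, and a packet no rule matches gets the ACP default action."""
    for r in policy.prefilter:
        if r.matches(p):
            if r.action in ("fastpath", "block"):
                return r.action, r.name
            break
    for r in policy.acp:
        if r.matches(p):
            return r.action, r.name
    return policy.acp_default, "ACP default action"


def tunnel_packets() -> list:
    """Constructed sample traffic for the tunnel, in both directions."""
    pkts = []
    for a, b in ((ASA, JUNIPER), (JUNIPER, ASA)):
        pkts += [Packet(a, b, UDP, IKE_PORT),    # IKE / ISAKMP
                 Packet(a, b, UDP, NAT_T_PORT),  # NAT-T, if NAT sits in the path
                 Packet(a, b, ESP)]              # encrypted payload; no ESP = no tunnel
    return pkts


def label(p: Packet) -> str:
    kind = "esp" if p.proto == ESP else f"udp/{p.dport}"
    return f"{p.src}->{p.dst} {kind}"


def broken_policy() -> Policy:
    """ACP allows IKE and NAT-T only; ESP falls through to the Block default."""
    ike = Rule("allow-ike", "allow", (ASA, JUNIPER), (ASA, JUNIPER),
               frozenset({UDP}), frozenset({IKE_PORT, NAT_T_PORT}))
    return Policy(acp=[ike], acp_default="block")


def fixed_policy() -> Policy:
    """Prefilter Fastpath between the two endpoints in both directions, so
    IKE, NAT-T and ESP all skip the ACP rules and Snort."""
    fast = Rule("fastpath-ipsec", "fastpath", (ASA, JUNIPER), (ASA, JUNIPER))
    return Policy(prefilter=[fast], acp=broken_policy().acp, acp_default="block")


def verdicts(policy: Policy) -> dict:
    return {label(p): evaluate(policy, p)[0] for p in tunnel_packets()}


if __name__ == "__main__":
    for name, pol in (("broken", broken_policy()), ("fixed", fixed_policy())):
        print(name)
        for k, v in verdicts(pol).items():
            print(f"  {k:42} {v}")
```

Two points the model makes visible: an ACP rule written for "the VPN" by port alone never matches ESP, because ESP has no ports, and the Fastpath rule has to cover both directions (put both endpoints in the source and in the destination, or use a bidirectional rule in FMC) or the return half of the tunnel still lands on the default action.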

marce1000 (Hall of Fame)

 - FYI : https://supportportal.juniper.net/s/article/Example-Configuring-site-to-site-VPN-between-SRX-and-Cisco-ASA-Route-based-VPN?language=en_US

     https://tungdt.net/configure-site2site-vpn-between-juniper-srx-and-cisco-asa-firewalls/

 M.
-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '