How to pre-configure an ASA with Threat Defense 6.2 for shipment to a small remote office

ROBBY HARRELL
Level 1

I have a small business customer who has an ASA 5512x with Firepower services module (vers 5.4) and the Firesight Mgt Center (5.4) virtual appliance managing the Firepower module.  We are planning to upgrade the Firepower module and FMC to version 6.2 soon.  

Also, the customer wants to upgrade their remote sales office from an ASA 5505 to a 5506x with either the Firepower module, or with the Threat Defense vers 6.2. Not sure whether to stick with the ASA/Firepower images, or go with the unified Threat Defense. I have yet to work with the Threat Defense option.

The remote sales office has a site-to-site IPsec VPN tunnel from the current ASA 5505 to the ASA 5512x at their headquarters. This will need to be recreated with either option.

Previously, I configured the ASA 5505 at their HQ, and shipped it to the sales office to be plugged into their Cable Internet Service. I would like to do the same with the new firewall.

If the ASA with Threat Defense would be configured by the Firesight Mgt Center, what would be the steps to pre-configure it? If I went with the ASA/Firepower combo, I could copy the existing ASA's config to the new ASA 5506 with the VPN tunnel setup. Then configure the Firepower module to connect to the FMC via the site-to-site VPN tunnel.

Any thoughts or suggestions on how to proceed?  

Accepted Solutions

Marvin Rhoads
Hall of Fame

FTD is a bit raw still and I would recommend labbing it out before jumping into your first deployment at a remote site.

The 5506X with ASA software and FirePOWER 6.2 would be a good approach. Note that when you migrate your FMC to 6.2, all managed sensors must already be at 6.1.

Make sure your FirePOWER module management interface has access (via the new VPN) to the remote FMC. With that in place, you can just register it once it's on-site, confirm it connects and then deploy the policies to it.

You'll generally want to do that remotely since the FMC knows it by its IP address, which may not be easily set up (with its final address and routing) while at a staging location.
