NGFW Firepower FTD site to site vpn AWS

 

Hi.

My client is using an AWS <-> FW (not Cisco) VPN.

The existing FW will be changed to Cisco.

I don't know how to configure a Cisco and AWS site-to-site VPN.

What should I look out for when the VPN peer is AWS?

Please help me.

 


Hi

 

VPN to AWS is a standard route-based VPN.

A configuration file can be exported from AWS to get all IPsec parameters (if the VPN on AWS is done on a customer gateway). If it's done on a 3rd-party firewall, then the people managing that FW in the cloud will have to give you the information.

 

Then you can follow any Cisco step-by-step guide for L2L VPN on FTD. The only thing is that FTD doesn't support route-based (VTI tunnel) except in version 6.7, so the only limitation is that you are limited to only 1 SA. Basically, you have any as source from your LAN and the AWS subnet as destination. Afterwards, you'll be able to filter the communication at the FW level if you don't have sysopt permit-vpn enabled.

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question.
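The reply above points at the customer gateway configuration file AWS exports as the source of the IPsec parameters. As an added example (not code from the thread, from Cisco or from AWS), the Python below pulls the Phase 1 (IKE) and Phase 2 (IPsec) values, the peer addresses and the pre-shared keys out of that file so they can be typed into the FMC/FTD L2L VPN wizard, flags algorithms that are weak by current standards, and applies the reply's "one SA" constraint for policy-based FTD by picking one of the two AWS tunnel endpoints as the active peer. The XML is a constructed sample that follows the layout of the "Generic" configuration AWS exports (you can fetch the real one with `aws ec2 describe-vpn-connections --vpn-connection-ids vpn-... --query 'VpnConnections[0].CustomerGatewayConfiguration' --output text`); the addresses, IDs and PSKs are made up, and the tag names are an assumption to check against your own download.

```python
"""Extract FTD-relevant parameters from an AWS customer gateway configuration XML.

Added example, not from the forum thread. SAMPLE_CGW_XML is a constructed file
that mirrors the layout of the AWS "Generic" vendor export; treat the tag
names as an assumption and compare them with your real download.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# One <ipsec_tunnel> block; AWS always provisions two tunnels per connection.
_TUNNEL_TMPL = """  <ipsec_tunnel>
    <customer_gateway><tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address></customer_gateway>
    <vpn_gateway><tunnel_outside_address><ip_address>{vgw}</ip_address></tunnel_outside_address></vpn_gateway>
    <ike>
      <authentication_protocol>sha1</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>main</mode>
      <pre_shared_key>{psk}</pre_shared_key>
    </ike>
    <ipsec>
      <protocol>esp</protocol>
      <authentication_protocol>hmac-sha1-96</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>tunnel</mode>
      <dead_peer_detection><interval>10</interval><retries>3</retries></dead_peer_detection>
    </ipsec>
  </ipsec_tunnel>
"""

# Constructed sample: made-up IDs, RFC 5737 documentation addresses, fake PSKs.
SAMPLE_CGW_XML = (
    '<vpn_connection id="vpn-0example">\n'
    "  <vpn_connection_type>ipsec.1</vpn_connection_type>\n"
    + _TUNNEL_TMPL.format(vgw="198.51.100.1", psk="EXAMPLE-psk-tunnel-1")
    + _TUNNEL_TMPL.format(vgw="198.51.100.2", psk="EXAMPLE-psk-tunnel-2")
    + "</vpn_connection>\n"
)

# Values AWS still offers by default that a reviewer should push back on.
WEAK = {"sha1": "SHA-1 integrity", "hmac-sha1-96": "SHA-1 integrity",
        "group2": "1024-bit DH (group 2)"}


@dataclass
class TunnelParams:
    local_peer: str   # customer gateway address = the FTD outside interface
    remote_peer: str  # AWS virtual private gateway address for this tunnel
    psk: str          # pre-shared key for this tunnel (a secret; keep the file safe)
    ike: dict         # Phase 1 values -> FTD IKEv1 policy
    ipsec: dict       # Phase 2 values -> FTD IKEv1 IPsec proposal
    dpd_interval: int
    dpd_retries: int


def _leaf_values(elem: ET.Element, tag: str) -> dict:
    """Return {tag: text} for the leaf children of <tag>, skipping nested blocks."""
    return {c.tag: (c.text or "").strip() for c in elem.find(tag) if len(c) == 0}


def parse_tunnels(xml_text: str) -> list[TunnelParams]:
    root = ET.fromstring(xml_text)
    tunnels = []
    for t in root.findall("ipsec_tunnel"):
        ike = _leaf_values(t, "ike")
        dpd = t.find("ipsec/dead_peer_detection")
        tunnels.append(TunnelParams(
            local_peer=t.findtext("customer_gateway/tunnel_outside_address/ip_address"),
            remote_peer=t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            psk=ike.pop("pre_shared_key"),  # keep the PSK out of the printed policy
            ike=ike,
            ipsec=_leaf_values(t, "ipsec"),
            dpd_interval=int(dpd.findtext("interval")),
            dpd_retries=int(dpd.findtext("retries")),
        ))
    return tunnels


def review_tunnel(t: TunnelParams) -> list[str]:
    """Findings to settle (in the AWS tunnel options and the matching FTD policy)
    before copying the parameters into FMC."""
    findings = []
    for phase, params in (("IKE", t.ike), ("IPsec", t.ipsec)):
        for key in ("authentication_protocol", "perfect_forward_secrecy"):
            if params.get(key) in WEAK:
                findings.append(f"{phase}: {WEAK[params[key]]} is weak by current standards")
    if len(t.psk) < 16:
        findings.append("pre-shared key shorter than 16 characters")
    return findings


def ftd_policy_based_plan(tunnels: list[TunnelParams]) -> dict:
    """Per the reply above, a policy-based L2L VPN on FTD (pre-6.7, no VTI) is
    limited to one SA, so only one AWS endpoint is the configured peer; the
    other is recorded as the manual failover peer."""
    active, standby = tunnels[0], tunnels[1]
    return {"ftd_outside": active.local_peer, "active_peer": active.remote_peer,
            "standby_peer": standby.remote_peer, "ikev1_policy": active.ike,
            "ipsec_proposal": active.ipsec}


if __name__ == "__main__":
    tunnels = parse_tunnels(SAMPLE_CGW_XML)
    for i, t in enumerate(tunnels, 1):
        print(f"tunnel {i}: {t.local_peer} -> {t.remote_peer}, findings: {review_tunnel(t)}")
    print(ftd_policy_based_plan(tunnels))
```

The protected networks (your LAN as source, the VPC CIDR as destination) are not in this file; take them from the VPC and the existing firewall's crypto ACL, and remember that the PSKs in the export are live secrets, so store and delete the file accordingly.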