NGFW Firepower FTD site to site vpn AWS

LeeJAEKEUN9410 (Level 1)

Hi.

My client is using an AWS <-> FW (not Cisco) VPN.

The existing FW will be changed to Cisco.

I don't know how to configure a Cisco-to-AWS site-to-site VPN.

What should I look out for when AWS is the VPN peer?

Please help me.


1 Reply

Francesco Molino (VIP Alumni)

Hi


A VPN to AWS is a standard route-based VPN.

A configuration file can be exported from AWS to get all the IPsec parameters (if the VPN on AWS is done on a customer gateway). If it's done on a 3rd-party firewall, then the people managing that firewall in the cloud will have to give you the information.

Then you can follow any Cisco step-by-step guide for L2L VPN on FTD. The only thing is that FTD doesn't support route-based VPN (VTI tunnel) except in version 6.7, so the only limitation is that you are limited to only 1 SA. Basically, you have any as the source from your LAN and the AWS subnet as the destination. Afterwards, you'll be able to filter the communication at the firewall level if you don't have sysopt permit-vpn enabled.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
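
As an added example (not from the thread, and not Cisco's or AWS's own tooling): a small Python script that reads an AWS-style site-to-site VPN configuration export of the kind the reply mentions, pulls out the per-tunnel parameters a policy-based L2L tunnel on FTD has to match (peer addresses, IKE policy, IPsec proposal, DPD timers, whether a PSK was exported), and flags legacy algorithms so they can be changed on the AWS side before being copied onto the new firewall. The XML layout and element names are modeled on the generic AWS download and are assumptions here; the two-tunnel sample is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export (not a real AWS file). Tunnel 1 carries the legacy
# defaults an old export often has; tunnel 2 uses a stronger proposal set.
SAMPLE_AWS_EXPORT = """<vpn_connection id="vpn-0123456789abcdef0">
  <ipsec_tunnel>
    <customer_gateway><tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address></customer_gateway>
    <vpn_gateway><tunnel_outside_address><ip_address>198.51.100.20</ip_address></tunnel_outside_address></vpn_gateway>
    <ike>
      <authentication_protocol>sha1</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <pre_shared_key>constructed-psk-1</pre_shared_key>
    </ike>
    <ipsec>
      <authentication_protocol>hmac-sha1-96</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <dead_peer_detection><interval>10</interval><retries>3</retries></dead_peer_detection>
    </ipsec>
  </ipsec_tunnel>
  <ipsec_tunnel>
    <customer_gateway><tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address></customer_gateway>
    <vpn_gateway><tunnel_outside_address><ip_address>198.51.100.21</ip_address></tunnel_outside_address></vpn_gateway>
    <ike>
      <authentication_protocol>sha2-256</authentication_protocol>
      <encryption_protocol>aes-256-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group14</perfect_forward_secrecy>
      <pre_shared_key>constructed-psk-2</pre_shared_key>
    </ike>
    <ipsec>
      <authentication_protocol>hmac-sha2-256-128</authentication_protocol>
      <encryption_protocol>aes-256-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group14</perfect_forward_secrecy>
      <dead_peer_detection><interval>10</interval><retries>3</retries></dead_peer_detection>
    </ipsec>
  </ipsec_tunnel>
</vpn_connection>
"""

# Algorithm names (as AWS spells them in the export) that should not be carried
# over onto a new firewall deployment. Set membership is an assumption here.
LEGACY = {"sha1", "hmac-sha1-96", "md5", "hmac-md5-96", "group2", "des-cbc", "3des-cbc"}


def _phase(node):
    """Collect the IKE or IPsec parameters the FTD policy/proposal must match."""
    return {
        "encryption": node.findtext("encryption_protocol"),
        "integrity": node.findtext("authentication_protocol"),
        "dh_group": node.findtext("perfect_forward_secrecy"),
        "lifetime": int(node.findtext("lifetime")),
    }


def parse_tunnels(xml_text):
    """Return one dict per <ipsec_tunnel> with the values needed on the FTD side."""
    root = ET.fromstring(xml_text)
    tunnels = []
    for t in root.iter("ipsec_tunnel"):
        ike, ipsec, dpd = t.find("ike"), t.find("ipsec"), t.find("ipsec/dead_peer_detection")
        tunnels.append({
            "aws_peer": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
            "local_peer": t.findtext("customer_gateway/tunnel_outside_address/ip_address"),
            "psk": ike.findtext("pre_shared_key"),
            "ike": _phase(ike),
            "ipsec": _phase(ipsec),
            "dpd": (int(dpd.findtext("interval")), int(dpd.findtext("retries"))),
        })
    return tunnels


def legacy_settings(tunnel):
    """List 'phase.field=value' entries whose algorithm is in LEGACY."""
    hits = []
    for phase in ("ike", "ipsec"):
        for field, value in tunnel[phase].items():
            if isinstance(value, str) and value.lower() in LEGACY:
                hits.append(f"{phase}.{field}={value}")
    return hits


def report(xml_text):
    """Per-tunnel summary: AWS peer, whether a PSK was exported, legacy findings."""
    return [
        {"aws_peer": t["aws_peer"], "has_psk": bool(t["psk"]), "legacy": legacy_settings(t)}
        for t in parse_tunnels(xml_text)
    ]


if __name__ == "__main__":
    for entry in report(SAMPLE_AWS_EXPORT):
        print(entry)
```

Run as a script it prints one summary per tunnel; the PSK value itself is never printed, only whether one was present. AWS provides two tunnels per connection, each with its own peer address and PSK, so on the FTD side each becomes a separate peer entry with the same single any-to-AWS-subnet selector the reply describes.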