IPsec Tunnel using ASAV in AWS to Firepower - HELP

MarkWithrow5064
Level 1

Trying to set up an IPsec tunnel between an existing Firepower (ASA) firewall and an ASAv that I recently installed in AWS. A few issues that I am experiencing:

1. The network interfaces I created in AWS were assigned IP addresses from the same CIDR block. The MGMT link, Gi0/0 and Gi0/1 all have IPs from the same CIDR. I need one interface to have a NAT address. The mgmt. link should also be on a separate CIDR block. I'm getting overlapping messages from the IOS.

2. Once the IP issue is resolved I'm assuming a standard IPsec Tunnel configuration for a site-to-site should work.

1 Reply

Filip Knezevic
Level 1

Hello Mark,

Can you post the configuration of your interfaces? It would be easier to advise.

If you are using public IPs, sanitize the config before posting.

I don't have a lot of experience with AWS, but if you are using the same subnet there, I don't think you can assign its IPs to multiple ASA interfaces. If possible, you should divide the block of IPs, make a static route from AWS to ASA (to the divided subnet), and then apply IPs from different subnets (that you routed from AWS to ASA) to ASA interfaces.

I hope it's how it works with AWS. :)

Thanks.
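Added example, not from either poster: a Python check that finds which planned interface addresses fall in overlapping subnets (the condition behind the overlap messages in the question) and carves one block into a separate subnet per interface, as the reply suggests. The 10.0.0.0/24 block and the interface names `management`, `outside` and `inside` are constructed placeholders; the offsets assume AWS's documented behaviour of reserving the first four addresses and the last address of every subnet, with /28 as the smallest subnet size.

```python
import ipaddress

AWS_RESERVED_LOW = 4   # AWS reserves .0 to .3 (and the last address) in each subnet
AWS_MIN_PREFIX = 28    # smallest subnet AWS allows


def find_overlaps(plan):
    """Return (name_a, name_b) pairs whose connected subnets overlap.

    plan maps an interface name to "address/prefix".
    """
    nets = {n: ipaddress.ip_interface(a).network for n, a in plan.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def carve(block, names, new_prefix):
    """Split block into equal subnets and give each interface its own one.

    Each interface gets the first address AWS leaves usable in its subnet.
    """
    if new_prefix > AWS_MIN_PREFIX:
        raise ValueError("AWS subnets cannot be smaller than /28")
    parent = ipaddress.ip_network(block)
    subnets = list(parent.subnets(new_prefix=new_prefix))
    if len(subnets) < len(names):
        raise ValueError("block too small for one subnet per interface")
    return {name: f"{net[AWS_RESERVED_LOW]}/{net.prefixlen}"
            for name, net in zip(names, subnets)}


if __name__ == "__main__":
    # Constructed sample: three interfaces addressed out of one /24.
    broken = {"management": "10.0.0.10/24",
              "outside": "10.0.0.11/24",
              "inside": "10.0.0.12/24"}
    print("overlapping pairs:", find_overlaps(broken))

    fixed = carve("10.0.0.0/24", ["management", "outside", "inside"], 26)
    print("per-interface plan:", fixed)
    print("overlapping pairs after split:", find_overlaps(fixed))
```

Each carved range has to exist as its own subnet in the VPC, with the matching network interface created in that subnet, before the addresses are applied on the ASAv.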

 

 
