
IPsec Tunnel using ASAV in AWS to Firepower - HELP

Trying to set up an IPsec tunnel between an existing Firepower (ASA) firewall and an ASAv that I recently installed in AWS. A few issues that I am experiencing.

1. The network interfaces I created in AWS were assigned IP addresses from the same CIDR block. The MGMT link, Gi0/0 and Gi0/1 all have IPs from the same CIDR. I need one interface to have a NAT address. The mgmt. link should also be on a separate CIDR block. I'm getting overlapping messages from the IOS.

2. Once the IP issue is resolved, I'm assuming a standard IPsec tunnel configuration for a site-to-site should work.


Re: IPsec Tunnel using ASAV in AWS to Firepower - HELP

Hello Mark,

 

Can you post the configuration of your interfaces? It would be easier to advise.

If you are using public IPs, sanitize the config before posting.

I don't have a lot of experience with AWS, but if you are using the same subnet there, I don't think you can assign its IPs to multiple ASA interfaces. If possible, you should divide the block of IPs, make a static route from AWS to ASA (to the divided subnet), and then apply IPs from different subnets (that you routed from AWS to ASA) to ASA interfaces.

I hope it's how it works with AWS. :)

Thanks.
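Added example, not part of the thread and not from either poster: a small Python check for the addressing problem discussed above. It reports which interface subnets overlap and carves one block into a separate subnet per interface. The interface names and all 10.0.1.x addresses are constructed sample values, not taken from the poster's environment.

```python
import ipaddress
from itertools import combinations

# Constructed sample: three interfaces addressed out of one /24, the
# situation that produces the overlap messages described in the question.
CURRENT_PLAN = {
    "management": "10.0.1.10/24",
    "outside": "10.0.1.20/24",
    "inside": "10.0.1.30/24",
}

def find_overlaps(plan):
    """Return sorted pairs of interface names whose subnets overlap.

    plan maps an interface name to "address/prefix" (or "network/prefix").
    """
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def carve(block, names, new_prefix):
    """Split block into /new_prefix subnets and give one to each name."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    assigned = {}
    for name in names:
        try:
            assigned[name] = next(subnets)
        except StopIteration:
            raise ValueError(
                f"{block} has too few /{new_prefix} subnets for {len(names)} interfaces"
            ) from None
    return assigned

if __name__ == "__main__":
    print("overlapping pairs in current plan:")
    for a, b in find_overlaps(CURRENT_PLAN):
        print(f"  {a} <-> {b}")

    # One /26 per interface out of the same constructed /24.
    proposed = carve("10.0.1.0/24", ["management", "outside", "inside"], 26)
    for name, net in proposed.items():
        print(f"{name:<11} {net}  mask {net.netmask}")
    remaining = find_overlaps({n: str(s) for n, s in proposed.items()})
    print("overlaps after carving:", remaining)
```
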

 

 
