
Azure S2S VPN with FTD 2120, possibility?

shah.vinit
Level 1

Hello All,

My client has a Cisco Firepower 2120 threat defense version 6.4.0.12 and wants to establish an S2S VPN with an Azure Virtual Network Gateway.

My query is:

1. Do the mentioned model and version support S2S VPN with Azure?

2. Is there any limitation which I have to consider?

3. Any help or suggestions with configuration on the FTD and Azure end?

6 Replies

Hi Rob,

Thank you for sharing the link.

From the article, I can summarize that a route-based VPN with IKEv2 can be configured for the requirements. However, it is supported after v6.7.

Kindly correct me if I'm wrong.

Hi @shah.vinit, correct. I'd not observed your version in my initial response; however, it is still possible on 6.4. You'd need to use a Policy Based VPN and define the traffic selectors - this guide covers this:

https://community.cisco.com/t5/security-documents/vpn-to-azure-from-ftd-ikev2/ta-p/3645952

Or, as @Marvin Rhoads suggests, upgrade, which has multiple benefits. I'd recommend upgrading and using a Route Based VPN.

Marvin Rhoads
Hall of Fame

In addition to the document @Rob Ingram posted, I would answer that "yes, it is certainly possible".

I'd recommend you use IKEv2 with AES-256 encryption and DH Group 16 or 20 to ensure best security and also avoid parameters that are deprecated in later versions of software.

Your 6.4.0.12 is several major releases behind the recommended 7.0.1 and you should plan to upgrade in the near future.

Hello Marvin,

Thank you for your response.

Based on the suggestion, I can summarize that a route-based VPN with IKEv2 can be configured for the requirements. However, it is supported after v6.7, and the recommended version is 7.0.1.

Configuration on the FTD side will be the same, based on the article shared by Rob.

Kindly correct me if I'm wrong, and share any more suggestions, if any.

Based on the suggestion, I can summarize that a route-based VPN with IKEv2 can be configured for the requirements. However, it is supported after v6.7, and the recommended version is 7.0.1.

Correct

Configuration on the FTD side will be the same, based on the article shared by Rob.

Correct

Please do not forget to rate.