04-05-2022 09:12 AM
Hello All,
My client has a Cisco Firepower 2120 running Threat Defense version 6.4.0.12 and wants to establish an S2S VPN with an Azure Virtual Network Gateway.
My query is:
1. Do the mentioned model and version support S2S VPN with Azure?
2. Is there any limitation which I have to consider?
3. Any help or suggestions with configuration on the FTD and Azure end?
04-05-2022 09:16 AM
04-05-2022 09:56 AM
Hi Rob,
Thank you for sharing the link.
From the article I can summarize that route based VPN with IKEv2 can be configured for the requirements. However, it is supported after v6.7.
Kindly correct me if I'm wrong.
04-05-2022 10:01 AM - edited 04-05-2022 10:02 AM
Hi @shah.vinit, correct. I'd not observed your version in my initial response; however, it is still possible on 6.4. You'd need to use a Policy Based VPN and define the traffic selectors - this guide covers this:
https://community.cisco.com/t5/security-documents/vpn-to-azure-from-ftd-ikev2/ta-p/3645952
Or, as @Marvin Rhoads suggests, upgrade, which has multiple benefits. I'd recommend upgrading and using a Route Based VPN.
04-05-2022 09:41 AM - edited 04-05-2022 09:41 AM
In addition to the document @Rob Ingram posted, I would answer that "yes, it is certainly possible".
I'd recommend you use IKEv2 with AES-256 encryption and DH Group 16 or 20 to ensure best security and also avoid parameters that are deprecated in later versions of software.
Your 6.4.0.12 is several major releases behind the recommended 7.0.1 and you should plan to upgrade in the near future.
04-05-2022 10:00 AM
Hello Marvin,
Thank you for your response.
Based on the suggestion, I can summarize that route based VPN with IKEv2 can be configured for the requirements. However, it is supported after v6.7, and the recommended version is 7.0.1.
The configuration on the FTD side will be the same, based on the article shared by Rob.
Kindly correct me if I'm wrong, and share any more suggestions if any.
04-06-2022 02:54 AM
"Based on the suggestion, I can summarize that route based VPN with IKEv2 can be configured for the requirements. However, it is supported after v6.7, and the recommended version is 7.0.1."
Correct
"The configuration on the FTD side will be the same, based on the article shared by Rob."
Correct
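The Azure end of the policy-based option discussed in this thread, as an added example that is not part of any post here and is not Cisco or Microsoft sample code. It uses the IKEv2, AES-256 and DH group 20 parameters recommended above; the resource names, the integrity and PFS choices and the SA lifetimes are assumptions and must match whatever is configured on the FTD.

```powershell
# Added example: Azure side of an IKEv2 S2S tunnel to a policy-based peer (FTD 6.4).
# Assumes the Az.Network module, a signed-in session, and an existing route-based
# virtual network gateway and local network gateway. All names are placeholders.
$rg  = 'rg-example'
$vng = Get-AzVirtualNetworkGateway -Name 'vng-example'     -ResourceGroupName $rg
$lng = Get-AzLocalNetworkGateway   -Name 'lng-ftd-example' -ResourceGroupName $rg

# Custom IKE/IPsec policy. IKE DH group 20 is the 'ECP384' value in this cmdlet;
# group 16 is not among its -DhGroup values, so group 20 is used here.
# Integrity, PFS and lifetime values are assumptions, not taken from the thread.
$policyArgs = @{
    IkeEncryption       = 'AES256'
    IkeIntegrity        = 'SHA384'
    DhGroup             = 'ECP384'
    IpsecEncryption     = 'AES256'
    IpsecIntegrity      = 'SHA256'
    PfsGroup            = 'ECP384'
    SALifeTimeSeconds   = 27000
    SADataSizeKilobytes = 102400000
}
$policy = New-AzIpsecPolicy @policyArgs

# Prompt for the pre-shared key instead of storing it in the script.
$psk = Read-Host -Prompt 'Pre-shared key (same value as on the FTD)'

# UsePolicyBasedTrafficSelectors lets the route-based Azure gateway negotiate
# the specific prefix pairs a policy-based peer proposes as traffic selectors.
$connArgs = @{
    Name                           = 'cn-azure-to-ftd-example'
    ResourceGroupName              = $rg
    Location                       = $vng.Location
    VirtualNetworkGateway1         = $vng
    LocalNetworkGateway2           = $lng
    ConnectionType                 = 'IPsec'
    ConnectionProtocol             = 'IKEv2'
    SharedKey                      = $psk
    IpsecPolicies                  = $policy
    UsePolicyBasedTrafficSelectors = $true
}
New-AzVirtualNetworkGatewayConnection @connArgs

# Check: confirm the policy and selector mode were applied and watch the status.
Get-AzVirtualNetworkGatewayConnection -Name $connArgs.Name -ResourceGroupName $rg |
    Select-Object Name, ConnectionStatus, UsePolicyBasedTrafficSelectors, IpsecPolicies
```

With a custom policy attached, Azure offers only that one proposal, so a mismatch in any single parameter on the FTD side leaves the connection in a non-connected state.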