Best practices guide for Site to Site VPN

dpetrovi · ‎01-09-2019

Hi experts,

Can anyone point me toward the most up to date Cisco best practices guide for Site to Site VPN configuration? There is a lot of information on this topic online, but what would be document that would be considered as the one with most credibility?

Thank you.

-Dejan

Sheraz.Salim · ‎01-09-2019

this link give you a Cisco official best practice for vpn

https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html

https://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-access-routers/71462-rtr-l2l-ipsec-split.html

please do not forget to rate.

Rob Ingram · ‎01-09-2019

Hi,
It depends on what hardware you are using; router, ASA or FTD and what type of topology (Hub and Spoke, Spoke-to-Spoke, MESH etc). There is not currently feature compatiblity between ASA and FTD.

Internally there used to be the RTR (route to readiness) guides, I think they used to cover VPNs, you may want to check there.

The Cisco Live presentations such as BRKSEC-1050 provides detailed information on the different VPN types, page 133-134 has a useful table providing information when to use each type of VPN and what features are available.

Either way you probably want to be using the latest NGE, reference here.

HTH

Best practices guide for Site to Site VPN

事象：FPR4100/9300-ASA: PLR 適用後、site-to-site VPN 接続ができなくなる

Secure Firewall – Tips – Site-to-Site VPN(Policy-Based)

［事例］Site-to-Site IPSec VPN の Crypto ACL の設定について

Secure Firewall – Tips – Site-to-Site VPN(Route-Based)

ASA site to site VPN