Solved: Can setup IPsec site-to-site VPN between ASA-5516X-firepower and ASA-5515?

Herman2018 · ‎05-08-2020

Hi, Can setup IPsec site-to-site VPN between ASA-5516X-firepower and ASA-5515? The software on ASA-5515 is very old one, v8.x. Please advise, thanks in advance.

Rob Ingram · ‎05-08-2020

Hi,
Yes you can. Depending on which exact version of ASA you are running on the ASA 5515, then it may not support IKEv2 and Iatest encryption/integrity algorithms, but regardless you should at least be able to use IKEv1. When you configure the VPN, ensure the IKE version, encryption, integrity, diffie hellman group, lifetimes, pfs (if used) etc are identical.

I suggest upgrading the ASA 5515 to the latest supported version, v8.x is very old and full of bugs.

HTH

View solution in original post

Rob Ingram · ‎05-08-2020

Hi,
Yes you can. Depending on which exact version of ASA you are running on the ASA 5515, then it may not support IKEv2 and Iatest encryption/integrity algorithms, but regardless you should at least be able to use IKEv1. When you configure the VPN, ensure the IKE version, encryption, integrity, diffie hellman group, lifetimes, pfs (if used) etc are identical.

I suggest upgrading the ASA 5515 to the latest supported version, v8.x is very old and full of bugs.

HTH

Herman2018 · ‎05-08-2020

Thanks HTH for your kind reply. ASA-5515 hardware is 5 years ago, can it support latest version? Do we need to upgrade the memory or HDd? Thanks.

Rob Ingram · ‎05-08-2020

The ASA 5515X hardware will support up to ASA version 9.12, reference here. This isn't the very latest version, but 9.12 is still up to date and considerably better than version 8.x.

Link to ASA 9.12 software download here.

ASA upgrade guide here.

Herman2018 · ‎05-08-2020

Thanks a lot!