Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10759
Views
5
Helpful
11
Replies

Cisco Firepower 2130 Site to Site VPN Connection to AWS

nathaniel.mangulad
Level 1
Level 1

‎03-20-2019 08:46 PM

Hello,

 

Good Day,

Seeking help from you guys, currently I`m configuring Site to Site VPN connection from Cisco Firepower 2130 to AWS.

I`m using the download configuration from AWS which is Cisco ASA 5500 9.X file, and I`m using Cisco Firepower 2130 to connect to AWS via VPN. All of the configuration in the AWS side is complete (Customer Gateway, Virtual Gateway, Site to Site VPN), since Cisco Firepower 2130 is a GUI based so I can`t execute the command in the download configuration from AWS. I`m seeking who can discuss to me the process and the configuration I need to do, to completely established the connection.

 

Thank you,

This will help me a lot.

 

 

Nathaniel

Labels:
0 Helpful
11 Replies 11

balaji.bandi
Hall of Fame
Hall of Fame

‎03-21-2019 01:23 AM

How are you Managing this FTD 2130 ? If you are using FMC to Manage this FTD.

 

below guide should help you :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_site_to_site_vpns.html

 

On the AWS side are you using VPC  or ASAv ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

nathaniel.mangulad
Level 1
Level 1
In response to balaji.bandi

‎03-24-2019 10:08 PM

Hi Mr. balaji.bandi

 

Thank you for your reply,

In the Cisco side we are using FMC, and in the AWS side we are using VPC, we already configured the CGW, VPGW, and S2S VPN Connection.

Can you help us, on how to properly configured the FMC going to AWS, and what are the parameters must be configured.

 

Thank you,

Regards,

Nathaniel

0 Helpful

nathaniel.mangulad
Level 1
Level 1
In response to balaji.bandi

‎03-24-2019 10:08 PM

Hi Mr. balaji.bandi

 

Thank you for your reply,

In the Cisco side we are using FMC, and in the AWS side we are using VPC, we already configured the CGW, VPGW, and S2S VPN Connection.

Can you help us, on how to properly configured the FMC going to AWS, and what are the parameters must be configured.

 

Thank you,

Regards,

Nathaniel

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to nathaniel.mangulad

‎03-25-2019 06:14 AM

If you already setup VPC on AWS side, use below Guide to configure FTD (using FMC).

 

https://networkdirection.net/articles/asa/firepowermanagementcentre/fmcsitetositevpns/

 

If you encounter any issues pelase provide the screenshot of both the side and some logs to advise better.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

nathaniel.mangulad
Level 1
Level 1
In response to balaji.bandi

‎03-26-2019 09:00 PM

Hi balaji.bandi,

 

Yes I already setup the VPC, also the VPN tunnel is ready but we need to configured on the Firepower 2130 FMC side. For now we will use the links and step by step your provide.

 

Will update you on the process.

 

Thank you,

 

Regards,

0 Helpful

nathaniel.mangulad
Level 1
Level 1
In response to balaji.bandi

‎03-27-2019 12:51 AM

Hi balaji.bandi,

 

As I remember upon checking of the status, we encounter this kind of error, can you please tell us on what this kind of error and what would be the possible solution to solved this problem.

 

firepower# show crypto ikev1 sa

 

error message.jpg

Thank you,

Nathaniel

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to nathaniel.mangulad

‎03-27-2019 02:50 AM

This seems to be Phase1 Issue, you need to provide both the side config to have look, with out that we may not have known what you have confiured.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram
VIP
VIP
In response to nathaniel.mangulad

‎03-27-2019 02:55 AM

Hi, That message would imply your device has initated the connection and is waiting for a response. If that is all you are getting then the peer has not responded.

Confirm the peer is configured correctly and there is no firewall or ACLs in between these 2 peers blocking communication.

HTH
0 Helpful

vishal_bhugra
Level 1
Level 1

‎04-22-2024 10:56 PM

I rather do not see any traffic initiation and VTI/Tunnel interface is down. Cannot find support on google.

0 Helpful

Rashmy Abraham
Cisco Employee
Cisco Employee

‎08-13-2024 11:00 PM

Can you check this article? It is based on FMC 7.4.1.

Doc Title: Configure Route-Based Site-to-Site VPN between Cisco Secure Management Center and AWS VPC

URL: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/VPN/b_configure-route-based-site-to-site-vpn-between-cisco-secure-management-center-and-aws-vpc.html

0 Helpful

Rashmy Abraham
Cisco Employee
Cisco Employee

‎09-02-2024 08:54 PM

The following article will help you, it is based on FMC 7.4.1.

Doc Title: Configure Route-Based Site-to-Site VPN between Cisco Secure Management Center and AWS VPC

URL: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/VPN/b_configure-route-based-site-to-site-vpn-between-cisco-secure-management-center-and-aws-vpc.html

0 Helpful
Customers Also Viewed These Support Documents