Cisco Firepower 2130 Site to Site VPN Connection to AWS

Hello,

 

Good Day,

Seeking help from you guys, currently I'm configuring a Site to Site VPN connection from a Cisco Firepower 2130 to AWS.

I'm using the downloaded configuration from AWS, which is the Cisco ASA 5500 9.X file, and I'm using a Cisco Firepower 2130 to connect to AWS via VPN. All of the configuration on the AWS side is complete (Customer Gateway, Virtual Gateway, Site to Site VPN); since the Cisco Firepower 2130 is GUI based, I can't execute the commands in the downloaded configuration from AWS. I'm seeking someone who can walk me through the process and the configuration I need to do to completely establish the connection.

 

Thank you,

This will help me a lot.

 

 

Nathaniel

11 Replies

balaji.bandi
Hall of Fame

How are you managing this FTD 2130? If you are using FMC to manage this FTD, the guide below should help you:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_site_to_site_vpns.html

 

On the AWS side are you using VPC or ASAv?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Mr. balaji.bandi

 

Thank you for your reply,

On the Cisco side we are using FMC, and on the AWS side we are using VPC; we have already configured the CGW, VPGW, and S2S VPN Connection.

Can you help us with how to properly configure the FMC going to AWS, and what parameters must be configured?

 

Thank you,

Regards,

Nathaniel

If you have already set up the VPC on the AWS side, use the guide below to configure the FTD (using FMC).

 

https://networkdirection.net/articles/asa/firepowermanagementcentre/fmcsitetositevpns/

 

If you encounter any issues, please provide screenshots of both sides and some logs so we can advise better.

 

BB

Hi balaji.bandi,

 

Yes, I have already set up the VPC, and the VPN tunnel is ready, but we need to configure the Firepower 2130 FMC side. For now we will use the links and the step-by-step instructions you provided.

 

Will update you on the process.

 

Thank you,

 

Regards,

Hi balaji.bandi,

 

As I remember, upon checking the status we encountered this kind of error. Can you please tell us what this error means and what the possible solution to this problem would be?

 

firepower# show crypto ikev1 sa

 

[attached screenshot: error message.jpg]

Thank you,

Nathaniel

This seems to be a Phase 1 issue. You need to provide both sides' config to have a look; without that we cannot know what you have configured.

BB

Hi, that message would imply your device has initiated the connection and is waiting for a response. If that is all you are getting, then the peer has not responded.

Confirm the peer is configured correctly and that there is no firewall or ACL in between these two peers blocking communication.

HTH
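The "initiated and waiting for a response" reading above, illustrated with an added example that is not part of this thread: a small Python parser over `show crypto ikev1 sa` output that flags phase 1 SAs stuck waiting on the peer, so a defender can tell a reachability or peer-config problem from a normal MM_ACTIVE tunnel. The sample output is constructed (the poster's screenshot is not reproduced here) and assumes the initiator is stuck in MM_WAIT_MSG2; the state names are the ASA/FTD IKEv1 main-mode states.

```python
import re

# Constructed sample in the ASA/FTD "show crypto ikev1 sa" layout; the peer
# addresses are documentation ranges, not the poster's real AWS endpoints.
SAMPLE_OUTPUT = """\
IKEv1 SAs:

   Active SA: 2
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 203.0.113.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2

2   IKE Peer: 198.51.100.20
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""

# Main-mode states where the local side has sent a message and is still
# waiting for the peer's reply at that step of phase 1.
WAITING_ON_PEER = {
    "MM_WAIT_MSG2": "proposal sent, no reply: check UDP 500/4500 reachability, ACLs, and that the peer has this device as its remote peer",
    "MM_WAIT_MSG4": "key exchange sent, waiting for peer: check phase 1 proposal/DH group match",
    "MM_WAIT_MSG6": "authentication sent, waiting for peer: pre-shared key or peer identity mismatch is likely",
}

PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
ROLE_RE = re.compile(r"Role\s*:\s*(\w+)")
STATE_RE = re.compile(r"State\s*:\s*(\S+)")

def parse_ikev1_sa(text):
    """Return a list of {peer, role, state} dicts, one per IKE SA block."""
    entries, current = [], None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:  # a new "IKE Peer:" line starts a new SA block
            current = {"peer": m.group(1), "role": None, "state": None}
            entries.append(current)
            continue
        if current is None:
            continue
        if (r := ROLE_RE.search(line)):
            current["role"] = r.group(1)
        if (s := STATE_RE.search(line)):
            current["state"] = s.group(1)
    return entries

def diagnose(entries):
    """Map each peer to a one-line phase 1 diagnosis."""
    out = {}
    for e in entries:
        if e["state"] == "MM_ACTIVE":
            out[e["peer"]] = "phase 1 up"
        elif e["state"] in WAITING_ON_PEER:
            out[e["peer"]] = "stuck in %s: %s" % (e["state"], WAITING_ON_PEER[e["state"]])
        else:
            out[e["peer"]] = "unrecognised state %s" % e["state"]
    return out
```

Running `diagnose(parse_ikev1_sa(SAMPLE_OUTPUT))` reports the first peer as stuck in MM_WAIT_MSG2, which is the "peer has not responded" case from the reply above.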

vishal_bhugra
Level 1

I rather do not see any traffic initiation, and the VTI/tunnel interface is down. I cannot find support on Google.

Rashmy Abraham
Cisco Employee

Can you check this article? It is based on FMC 7.4.1.

Doc Title: Configure Route-Based Site-to-Site VPN between Cisco Secure Management Center and AWS VPC

URL: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/usecase/VPN/b_configure-route-based-site-to-site-vpn-between-cisco-secure-management-center-and-aws-vpc.html