12-17-2023 04:37 AM
Hi All
I am reaching out to seek assistance with the configuration of our Cisco FPR101 firewalls in two different locations managed by FMC. Currently, I have successfully set up Site-to-Site VPN between the firewalls, allowing communication between the internal subnets.
However, we are facing a challenge as the VPN is currently restricting traffic to the internal subnets only, and we would like to configure it in a way that allows all traffic to flow through to the destination firewall (Firewall at Location B).
Here are some key details about our current setup:
We would appreciate your guidance on how to configure the firewalls to allow all traffic to pass through the Site-to-Site VPN to the Firewall at Location B.
If possible, could you provide step-by-step instructions or any relevant documentation that will help us achieve this configuration? Additionally, if there are specific access control policies or NAT configurations that need to be adjusted, please provide guidance on those aspects as well.
Thanks
12-17-2023 04:58 AM
All destinations via S2S VPN
You can use a remote LAN object with 0.0.0.0 (ANY).
MHM
12-17-2023 05:17 AM
Thanks for your reply
Is it possible to set up a full-tunnel site-to-site VPN for one specific subnet in Location A, while leaving the other two subnets unaffected?
12-17-2023 05:22 AM
There is a LOCAL and a REMOTE LAN.
Configure your LOCAL LAN object with one subnet and configure the Remote LAN with 0.0.0.0 or ANY.
NOTE: you must make sure that routing is via one interface.
MHM
12-17-2023 05:37 AM
May I know where the LOCAL and REMOTE LAN objects are?
Is it necessary to create LOCAL and REMOTE LAN objects and configure a static route?
Thanks
12-17-2023 05:53 AM
Follow this guide to configure the local and remote LAN.
For the static route, do you have a default route in your FPR?
MHM
12-17-2023 06:01 AM
Yes, both FPRs have a default route.
12-17-2023 06:08 AM
Then there is no need for a static route, since you have only one ISP and one default route.
MHM
12-17-2023 06:42 AM
Thanks, I am still confused about the local and remote LAN.
May I know, is this the section for the local and remote LAN objects?
12-17-2023 07:05 AM
Did you check the guide I shared? Please double-check.
Click the plus sign to add Node A and Node B.
After clicking it, a new window opens, and from there you can select the protected LAN.
NODE-A is your FPR end, and its protected LAN is your local LAN.
NODE-B is the remote end, and its protected LAN is the remote LAN.
MHM