IPSEC CONFIGS MIGRATION BETWEEN FTDs

fmugambi (Spotlight)

Hello Team,

Is it possible to migrate IPsec configurations from one FTD to another being managed by same FMC but sit on different DCs?

If yes, what tool can I use?

Thanks in advance.


3 Replies

Migration of IPsec between FTDs managed by the same FMC is still possible, you'll just need to do it manually. Here's the process:

  1. Use the FMC to create a Point-to-Point VPN topology.
  2. Define each FTD (source and destination) as a Node within the topology.
  3. Assign the local networks for each FTD within the topology.
  4. Configure the IKE/IPsec settings and choose either pre-shared key or certificates for authentication.
  5. Create Access Control Policy (ACP) rules to allow traffic over the VPN.
  6. Configure NAT exemption rules to ensure traffic isn't unintentionally translated.
  7. Deploy the policy to both FTD devices.

This manual configuration process might take some time, but it allows migrating IPsec between FTDs within the same FMC.

please do not forget to rate.

fmugambi (Spotlight)

Currently on the FMC, I have 3 device options: DCA FTD, DCB FTD & Extranet. Remote connections are Extranet, but mapped to DCA FTD. If I need to map those connections to DCB FTD, do I need to create other IPsec configs as explained above? Will they not be duplicated?

Or can I change, under Device, to point to DCB FTD?

Accepted Solution

Let's say, as an example, the DCA-FTD VPN is already configured and now you need to migrate this VPN tunnel to DCB-FTD. You go into Devices ---> VPN - Site-to-Site and edit the VPN tunnel you are interested in. Here, at Endpoints, at Node A/Node B under Devices, you drop down and from this list select the new migration FTD. As you select the migration FTD, the rest of the settings on this page, i.e. Interface and Public IP address, are set as empty. Now fill in this information. The IKEv1 or IKEv2 settings will stay the same, but you can double-check them. Once all is done, deploy the policy from the FMC to both the old and the new migrated FTDs. No, it will not be a duplicate. Bear in mind, do this in a change window.


please do not forget to rate.
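A small offline model of the endpoint change both answers above describe: swap the device on the Node A/Node B endpoint, which empties Interface and Public IP, fill those in again, confirm the IKE settings did not change, and list anything still missing before you deploy to both FTDs. This is an added example and not Cisco code, not the FMC REST API, and not the thread author's procedure; the topology dictionary shape, the device names (DCA-FTD, DCB-FTD, Extranet) and the addresses are constructed assumptions chosen to mirror the FMC screens named in the answers.

```python
"""Model of the site-to-site VPN endpoint migration described in the thread.

Added example. The topology dict is a constructed, simplified shape
(assumption), not the FMC object model; it carries only the fields the
answers mention: endpoint device, interface, public IP, protected networks
and the IKE settings.
"""
import copy

# Constructed sample: the tunnel as it exists today on DCA-FTD (hypothetical values).
EXISTING_TOPOLOGY = {
    "name": "HQ-to-Partner",
    "topologyType": "POINT_TO_POINT",
    "ikeV2": {"policy": "AES256-SHA256-DH14", "authType": "PRE_SHARED_KEY"},
    "nodeA": {
        "device": "DCA-FTD",
        "interface": "outside",
        "publicIp": "203.0.113.10",
        "protectedNetworks": ["10.10.0.0/16"],
    },
    "nodeB": {
        "device": "Extranet",        # unmanaged peer, so no FMC-managed interface
        "interface": None,
        "publicIp": "198.51.100.20",
        "protectedNetworks": ["172.16.0.0/16"],
    },
}


def migrate_endpoint(topology, old_device, new_device):
    """Return a copy of the topology with old_device replaced by new_device on
    whichever node carried it. Interface and public IP on that node are
    cleared, mirroring the answer's point that the FMC empties those fields
    when the device changes. IKE settings and protected networks are untouched."""
    migrated = copy.deepcopy(topology)
    for node_name in ("nodeA", "nodeB"):
        node = migrated[node_name]
        if node["device"] == old_device:
            node["device"] = new_device
            node["interface"] = None
            node["publicIp"] = None
            return migrated
    raise ValueError(f"{old_device} is not an endpoint of {topology['name']}")


def fill_endpoint(topology, node_name, interface, public_ip):
    """Return a copy with the emptied interface and public IP filled in."""
    completed = copy.deepcopy(topology)
    completed[node_name]["interface"] = interface
    completed[node_name]["publicIp"] = public_ip
    return completed


def missing_fields(topology):
    """Endpoint fields that still need a value before the policy is deployed."""
    missing = []
    for node_name in ("nodeA", "nodeB"):
        node = topology[node_name]
        # Extranet peers are not FMC-managed, so they carry no interface to check.
        if node["device"] != "Extranet" and not node["interface"]:
            missing.append(f"{node_name}.interface")
        if not node["publicIp"]:
            missing.append(f"{node_name}.publicIp")
    return missing


def ike_settings_unchanged(before, after):
    """The 'double check' from the answer: IKE settings must survive the move."""
    return before["ikeV2"] == after["ikeV2"]


if __name__ == "__main__":
    moved = migrate_endpoint(EXISTING_TOPOLOGY, "DCA-FTD", "DCB-FTD")
    print("after device change, still missing:", missing_fields(moved))
    done = fill_endpoint(moved, "nodeA", "outside", "203.0.113.20")
    print("after filling in:", missing_fields(done))
    print("IKE settings unchanged:", ike_settings_unchanged(EXISTING_TOPOLOGY, done))
```

Run it once before the change window to see which fields the device swap empties; the same checks (nothing missing, IKE settings identical to the original) are what you would confirm on the FMC edit page before deploying to the old and the new FTD.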