route based, policy based site to site VPN on the firepower 1120

gogi99
Level 1

My company has a Cisco Firepower 1120. I have to configure a site-to-site VPN with another company. I was given information by the other company. I configure my device, the Firepower, from FDM. On the internet, I found that FDM supports only route-based site-to-site VPN. The other company informed me that they have no possibility of configuring their device with a route-based site-to-site VPN, only with a policy-based site-to-site VPN. I must configure a policy-based site-to-site VPN. On the internet, I found that a template exists for configuring policy-based site-to-site VPN. Can you give me some information about this? One more question: I must configure the policy-based site-to-site VPN from the CLI. Which terminal do I use to configure this option? Is it system support diagnostic-cli?

50 Replies

Maybe this

[Attached images: nat1.jpg, nat2.jpg]

Yes, this is it. You see, the type is manual, not auto. You need to change the NAT type and check.

MHM

The rule type is greyed out on this rule. I can't change it to Auto.

Add a new one with type Auto; after that, disable this one.

MHM

Now I have one more problem: when I type show crypto ikev2 sa or show crypto ipsec sa, I receive an error message that there is no ikev2 key, as if the tunnel is down.

Does such a possibility exist at all?