10-15-2022 03:08 AM
I apologize in advance, I am not an expert with VPN setup but I need help.
We receive out new FPR 1010 Firewall and trying to configure Site-To-Site VPN with a ASA Firewall. All settings seems to be configured correctly on both, I mean they all match but still I am not getting the VPN to work. Does it also matter that the other side is using a static IP and what I have here is dynamic IP from the ISP?
If anything is required for me to share let me know and I will try my best to get it.
I wanted to create a TAC ticket but I dont have the smartnet active yet, I don't know why its taking too long to get it active and also its a new device but I cannot get any support.
Thank you all in advance.
10-15-2022 03:25 AM
"" static IP and what I have here is dynamic IP from the ISP?""
the side that have dynamic IP config it with dynamic crypto map.
10-15-2022 12:23 PM
what OS you running on this FPR 1010. Does it run asa code or does it run FTD code? you mentioned all seem to be configured correctly. what do you see on the logs at either side your FPR and what does the ASA on the other end show? Is this a new setup or you changing/migration of old firewall to new firewall?
as said ealier do you see any log (setup any debugs) on both side to pin point what the issue is?
does other remote side is using a static ip anddress and your end you are using a dynamic IP address. If this correct could you share your firewall configuration if possible if not have look on this document migration of ASA vpn tunnel code into FTD code. if you have a new setup with new firewall it will still give you a good understand how it should be setup. ideally, when local end is using a dynamic IP addresss (i guess in your case you have a dynamic ip address) from the Internet service provider (ISP) this is know as Dynamic peer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide