Site to Site VPN Issue

H3ct0r · ‎10-15-2022

I apologize in advance, I am not an expert with VPN setup but I need help.

We receive out new FPR 1010 Firewall and trying to configure Site-To-Site VPN with a ASA Firewall. All settings seems to be configured correctly on both, I mean they all match but still I am not getting the VPN to work. Does it also matter that the other side is using a static IP and what I have here is dynamic IP from the ISP?

If anything is required for me to share let me know and I will try my best to get it.

I wanted to create a TAC ticket but I dont have the smartnet active yet, I don't know why its taking too long to get it active and also its a new device but I cannot get any support.

Thank you all in advance.

MHM Cisco World · ‎10-15-2022

"" static IP and what I have here is dynamic IP from the ISP?""
the side that have dynamic IP config it with dynamic crypto map.

Sheraz.Salim · ‎10-15-2022

what OS you running on this FPR 1010. Does it run asa code or does it run FTD code? you mentioned all seem to be configured correctly. what do you see on the logs at either side your FPR and what does the ASA on the other end show? Is this a new setup or you changing/migration of old firewall to new firewall?

as said ealier do you see any log (setup any debugs) on both side to pin point what the issue is?

does other remote side is using a static ip anddress and your end you are using a dynamic IP address. If this correct could you share your firewall configuration if possible if not have look on this document migration of ASA vpn tunnel code into FTD code. if you have a new setup with new firewall it will still give you a good understand how it should be setup. ideally, when local end is using a dynamic IP addresss (i guess in your case you have a dynamic ip address) from the Internet service provider (ISP) this is know as Dynamic peer.

please do not forget to rate.