Highlighted
Beginner

VPN Site-To-Site From Firepower 2110 with FDM to Azure

Hi Cisco Community friends


I'm having trouble setting up a VPN with an FTD 2110 with FDM to Azure. I wanted to ask if anyone has any documentation, links or any recommendations.

 

I was reviewing the attached document, but it is for configuration in FMC. I also used the information in this link to configure the encryption and authentication parameters:

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/214109-configure-asa-ipsec-vti-connection-to-az.html

 

Regards,

JG

7 REPLIES
Highlighted
VIP Advisor

It doesn't make a difference whether you set it up using FDM or FMC. It should work.

Log in to the FTD CLI and go to system support diag. Then run debug crypto ikev2 or v1 depending on your setup.

***** please remember to rate useful posts
Highlighted
VIP Rising star

What is the issue you are struggling with?

Highlighted

Thanks Aref. Yesterday I did tests, phase 1 never lifted. I did tests with packet-tracer and ping tcp doesn't show difference in phase 1. I'm using IKEv2.

 

Regards,

JG

 

Highlighted

You're welcome. I would enable debug crypto ikev2 protocol 127 and check the output, that might help you spot the issue straight away.

Highlighted

Hi

 

I'm doing packet-tracer to test traffic flow. In other implementations with ASA and IKEv2 I was able to see the VPN phase in the packet-tracer flow even if the VPN was down. Right now I can't see the VPN phase in the packet-tracer for the VPN traffic. I'm on version 6.2.1, so I'm going to upgrade the FW first.

 

Regards,

JG

Highlighted

Log into the FTD via CLI, issue the command "system support diagnostic-cli", then type enable and hit enter with no password, this will take you to kind of the old ASA CLI. From there please do all the show commands related to the VPN configuration and post the sanitized output for review. Example:

show run crypto map

show run crypto ikev2

show run nat

show run access-list <the-crypto-ACL>

show run crypto ipsec

show run crypto ikev2 | i enable
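
Added example, not part of the reply above or of any Cisco tooling: one way to sanitize the collected `show run` output before posting it. It replaces each non-private IPv4 address with a stable placeholder (so reviewers can still match the crypto map peer to other lines), keeps RFC 1918 subnets and masks, and blanks anything following `pre-shared-key`. The sample config, its names and its addresses are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SECRET_RE = re.compile(r"(pre-shared-key\s+)\S+")

# Constructed sample of ASA-style output (not taken from the thread).
SAMPLE = """\
crypto map s2s_map 1 match address crypto_acl
crypto map s2s_map 1 set peer 198.51.100.20
crypto ikev2 enable outside
access-list crypto_acl extended permit ip 10.10.0.0 255.255.0.0 172.16.5.0 255.255.255.0
tunnel-group 198.51.100.20 ipsec-attributes
 ikev2 remote-authentication pre-shared-key ExampleKey123
"""

def _is_mask(addr):
    """True for netmasks (255.255.0.0) and wildcard masks (0.0.0.255)."""
    m = int(addr)
    inv = ~m & 0xFFFFFFFF
    return (m & (m + 1)) == 0 or (inv & (inv + 1)) == 0

def sanitize(text):
    """Return (sanitized_text, mapping of original IP -> placeholder)."""
    mapping = {}

    def repl(match):
        try:
            addr = ipaddress.IPv4Address(match.group(0))
        except ValueError:          # e.g. 999.1.1.1, not an address
            return match.group(0)
        if _is_mask(addr) or any(addr in net for net in RFC1918):
            return match.group(0)   # keep internal subnets and masks readable
        # Same address always maps to the same placeholder.
        return mapping.setdefault(str(addr), f"<REDACTED-IP-{len(mapping) + 1}>")

    text = SECRET_RE.sub(r"\1<REDACTED>", text)
    return IPV4_RE.sub(repl, text), mapping

if __name__ == "__main__":
    cleaned, ip_map = sanitize(SAMPLE)
    print(cleaned)
```

Keep the returned mapping private; it is only for translating reviewers' comments back to the real addresses.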

Highlighted
Beginner

Check out these resources:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

 

I found this video helpful for understanding the steps which I was able to configure for my environment:

https://www.youtube.com/watch?v=dA_ND-hOHG8&t=594s&ab_channel=CloudGuard

 
