Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
405
Views
0
Helpful
7
Replies
Highlighted
julioegb
Beginner
Beginner
‎10-13-2020 05:43 PM
‎10-13-2020 05:43 PM

VPN Site-To-Site From Firepower 2110 with FDM to Azure

Hi Cisco Community friends


I'm having trouble setting up a VPN with an FTD 2110 with FDM to Azure. I wanted to ask if anyone has any documentation, links or any recommendations.

 

I was reviewing the attached document, only that it is for the configuration in FMC, I also used the information in this link to configure the encryption and authentication parameters:

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/214109-configure-asa-ipsec-vti-connection-to-az.html

 

Regards,

JG

Labels:
Preview file
921 KB
0 Helpful
Reply
7 REPLIES 7
Highlighted
Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor
‎10-13-2020 06:50 PM
‎10-13-2020 06:50 PM

It doesn't make a difference whether you set it using fdm or fmc. It should
work.

Login to ftd cli and go to system support diag. Then run debug crypto ikev2
or v1 depending on your setup.

***** please remember to rate useful posts
0 Helpful
Reply
Highlighted
Aref Alsouqi
VIP Rising star VIP Rising star
VIP Rising star
‎10-14-2020 01:45 AM
‎10-14-2020 01:45 AM

What is the issue you are struggling with?

0 Helpful
Reply
Highlighted
julioegb
Beginner
Beginner
In response to Aref Alsouqi
‎10-14-2020 09:19 AM
‎10-14-2020 09:19 AM

Thanks Aref. Yesterday I did tests, phase 1 never lifted. I did tests with packet-tracer and ping tcp doesn´t show difference in phase 1. I'm using ikev2.

 

Regards,

JG

 

0 Helpful
Reply
Highlighted
Aref Alsouqi
VIP Rising star VIP Rising star
VIP Rising star
In response to julioegb
‎10-14-2020 11:18 AM
‎10-14-2020 11:18 AM

You welcome. I would enable debug crypto ikev2 protocol 127 and check the output, that might help you spotting the issue straightaway.

0 Helpful
Reply
Highlighted
julioegb
Beginner
Beginner
In response to Aref Alsouqi
‎10-14-2020 01:02 PM
‎10-14-2020 01:02 PM

Hi

 

I'm doing packet-tracer to test traffic flow. In others implementations with ASA and IKEv2 I was able to see the VPN phase in the packet-tracer flow even if the VPN was down. Right now I can't see the VPN phase in the packet-tracer for the VPN traffic, I'm in version 6.2.1, I'm going to upgrade the FW first.

 

Regards,

JG

0 Helpful
Reply
Highlighted
Aref Alsouqi
VIP Rising star VIP Rising star
VIP Rising star
In response to julioegb
‎10-14-2020 02:12 PM
‎10-14-2020 02:12 PM

Log into the FTD via CLI, issue the command "system support diagnostic-cli", then type enable and hit enter with no password, this will take you to kind of the old ASA CLI. From there please do all the show commands related to the VPN configuration and post the sanitized output for review. Example:

show run crypto map

show run crypto ikev2

show run nat

show run access-list <the-crypto-ACL>

show run crypto ipsec

show run crypto ikev2 | i enable

0 Helpful
Reply
Highlighted
Kevin.berlin
Beginner
Beginner
‎10-15-2020 06:28 AM
‎10-15-2020 06:28 AM

Check out these resources:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

 

I found this video helpful for understanding the steps which I was able to configure for my environment

https://www.youtube.com/watch?v=dA_ND-hOHG8&t=594s&ab_channel=CloudGuard

 

Deploy virtual network gateway and configure a Site to Site VPN between azure and Palo Alto
Deploy virtual network gateway and configure a Site to Site VPN between azure and Palo Alto
youtube.com/watch?v=dA_ND-hOHG8&t=594s&ab_chann...
In this video we walk you through on how you will deploy virtual network gateway in azure and configuration of site to site VPN between virtual network gatew...
0 Helpful
Reply
Latest Contents
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
214
11
214
  ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsMaximum Network Latency Between NodesISE Hardware PlatformsISE PSN PerformanceISE TACACS+ PerformanceISE 2.6 RADIUS PerformanceISE 2.4 RADIUS PerformanceISE 2.3 RADIUS PerformanceIS... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Cisco Secure Endpoint Free Trial Guide
Created by E.L. Howard on 02-15-2021 07:36 PM
0
0
0
0
ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsISE Hardware PlatformsISE PSN PerformanceISE TrustSec ScalingISE Storage RequirementsISE ERS ScaleISE WAN Bandwidth CalculatorSources   About this Document Cisco Secure Endpoint (for... view more
Firepower 6.7 Release Demonstration - Health Monitoring
Created by Namit Agarwal on 02-08-2021 11:42 AM
0
0
0
0
  In this video, Namit reviews Health Monitoring improvements and introduces the new Unified Health Monitoring dashboard on the FMC. 
Content for Community-Ad