Posts

Showing posts with the label FTD VPN

Configuring Site-to-Site VPN for Firepower Threat Defense

In this article we will take a look at how to configure site-to-site virtual private networks (VPNs) on Firepower Threat Defense (FTD) managed devices.

Note: This demonstration assumes that managed devices are licensed appropriately.

In this demonstration, the site-to-site VPN will be configured using IKEv2. One Firepower device is configured as a standalone device and will be configured using the Firepower Device Manager (FDM); the other is configured to be managed using the Firepower Management Center (FMC). The underlying network is already configured and will NOT be covered as part of this demonstration.

Configuring Firepower S2S VPN using FDM

- Access the FDM GUI and log in to the Firepower appliance
- From the device summary page, scroll to the bottom of the page and click on Site to Site VPN
- Click on 'Create Site-to-Site Connection'
- Configure the following settings relevant to your environment:
  - Connection Profile Name
  - Local VPN Access Interface
  - Local Network for interesting VPN tr...

Configuring Remote Access VPN on Firepower

In this article we are going to take a look at how to configure remote access VPNs on Firepower devices. This demonstration is based on the following lab environment:

- Cisco Virtual Firepower Management Center
- Cisco Virtual Firepower Threat Defense
- Cisco ISE 2.6
- Windows host with AnyConnect VPN
- Windows Server 2019 (CA Server)

All Firepower devices are running version 6.5.

Note: ISE is used for authentication and authorization in the following lab; however, the configuration elements of ISE are out of scope for this demonstration.

Generate a CSR for Remote Access VPNs

Those accessing your network remotely need to trust the service you're running. Without the correct trust, users could face issues connecting via VPN.

- With access to the FMC, navigate to Objects > Object Management > PKI > Cert Enrollment
- Assuming you are opting for manual enrollment, select 'Manual' in Enrollment Type and copy the CA Certificate BASE-64 into the field.
- Now select the 'Certifi...