A Virtual Private Network (VPN) is a network connection that establishes a secure tunnel between remote peers over public IP addresses to connect two or more private networks. Encryption is used to ensure the privacy and integrity of the data.
IPsec-based VPN technologies use the Internet Security Association and Key Management Protocol (ISAKMP, or IKE) and IPsec tunneling standards to build and manage tunnels. ISAKMP and IPsec accomplish the following:
- Negotiate tunnel parameters.
- Establish tunnels.
- Authenticate users and data.
- Manage security keys.
- Encrypt and decrypt data.
- Manage data transfer across the tunnel.
- Manage data transfer inbound and outbound as a tunnel endpoint or router.
In this tutorial I will show you how to configure a site-to-site VPN between two FTDv 7.3.0 devices.
Below is what the setup looks like.
Before we start with the configuration of the site-to-site VPN, let’s create a few objects that we will be using in the setup. Do this for both the FTDv in Active an
- Site 1 Network: 10.16.2.0/24
- Site 2 Network: 172.16.2.0/24
Go to Objects > Networks and click on the Add (+) button.
Add Site 1 Network Object
Add Site 2 Network Object
Now let’s begin configuring the site-to-site VPN between the two sites.
Step 1 – Create a site-to-site policy on FTDv7-3-0-Active
Go to Device
- Connection Profile Name: ActivetoS2SDemo
- Type: Policy Based
- Local VPN Access Interfaces: outside (GigabitEthernet0/0)
- Local Network: Site2 (the inside network of the local site)
- Remote Site: Static
- Remote IP Address: <Public IP Address of the VPN Termination>
- Remote Network: Site1 (the inside network of the remote site)
Step 2 – Configure the NAT Rule on FTDv7-3-0-Active
If you did not enable the NAT Exempt option in the SITE-TO-SITE CONNECTION settings, you can create the NAT rule manually.
Step 4 – Configure the Access Control Policy on FTDv7-3-0-Active
Allow traffic from Site1 (the remote network) arriving on outside (VPN) to Site2 (the local network) on inside.
Step 5 – Create a site-to-site policy on FTDv7-3-0-S2SDemo
- Connection Profile Name: ActivetoS2SDemo
- Type: Policy Based
- Local VPN Access Interfaces: outside (GigabitEthernet0/0)
- Local Network: Site2 (the inside network of the local site)
- Remote Site: Static
- Remote IP Address: <Public IP Address of the VPN Termination>
- Remote Network: Site1 (the inside network of the remote site)
Step 6 – Configure the NAT Rule on FTDv7-3-0-S2SDemo
If you did not enable the NAT Exempt option in the SITE-TO-SITE CONNECTION settings, you can create the NAT rule manually.
Step 7 – Configure the Access Control Policy on FTDv7-3-0-S2SDemo
Allow traffic from Site2 (the remote network) arriving on outside (VPN) to Site1 (the local network) on inside.
Above are the basic steps to configure a site-to-site VPN between two FTDv devices.
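The two profiles (Steps 1 and 5) must mirror each other, and the NAT exempt rule (Steps 2 and 6) only works if it is matched before the dynamic PAT rule that covers the inside network, because NAT rules are evaluated top down and the first match wins. The script below is an added example, not code from the tutorial or from Cisco FDM: it models the fields the connection profile and NAT rule ask for and flags the two mistakes above before anything is deployed. The public IPs are constructed documentation addresses standing in for the tutorial's placeholders, and `SiteConfig`/`NatRule` are a simplified model, not the FDM API schema.

```python
"""Pre-deployment sanity checks for a policy-based site-to-site VPN pair.
Added example, not part of the tutorial. All public IPs are constructed
documentation addresses (RFC 5737); the two protected networks are the
tutorial's Site 1 (10.16.2.0/24) and Site 2 (172.16.2.0/24)."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional


@dataclass(frozen=True)
class SiteConfig:
    """The fields an FDM site-to-site connection profile asks for (simplified)."""
    name: str            # device name, e.g. FTDv7-3-0-Active
    outside_ip: str      # public IP of this device's VPN access interface
    local_network: str   # protected network behind this device (CIDR)
    remote_peer_ip: str  # "Remote IP Address": the peer device's outside IP
    remote_network: str  # protected network behind the peer (CIDR)


@dataclass(frozen=True)
class NatRule:
    """Minimal NAT rule model: kind is 'exempt' (identity NAT, source and
    destination kept as-is) or 'pat' (dynamic interface PAT).
    destination None means 'any'. Hypothetical model, not the FDM schema."""
    name: str
    kind: str
    source: str
    destination: Optional[str] = None


def check_mirror(a: SiteConfig, b: SiteConfig) -> list:
    """Return every way the two profiles fail to mirror each other.
    An empty list means the pair is consistent."""
    problems = []
    if a.remote_peer_ip != b.outside_ip:
        problems.append(f"{a.name}: remote peer {a.remote_peer_ip} is not "
                        f"{b.name}'s outside IP {b.outside_ip}")
    if b.remote_peer_ip != a.outside_ip:
        problems.append(f"{b.name}: remote peer {b.remote_peer_ip} is not "
                        f"{a.name}'s outside IP {a.outside_ip}")
    if ip_network(a.local_network) != ip_network(b.remote_network):
        problems.append(f"{a.name} local {a.local_network} != "
                        f"{b.name} remote {b.remote_network}")
    if ip_network(b.local_network) != ip_network(a.remote_network):
        problems.append(f"{b.name} local {b.local_network} != "
                        f"{a.name} remote {a.remote_network}")
    if ip_network(a.local_network).overlaps(ip_network(b.local_network)):
        problems.append(f"protected networks {a.local_network} and "
                        f"{b.local_network} overlap")
    return problems


def check_nat_exempt(rules: list, local: str, remote: str) -> list:
    """Check one site's NAT table: an identity rule for local -> remote must
    exist, and no PAT rule that would catch the same traffic may be ordered
    above it, because the first matching NAT rule wins."""
    local_net, remote_net = ip_network(local), ip_network(remote)
    exempt_at = None
    for i, r in enumerate(rules):
        if (r.kind == "exempt" and r.destination is not None
                and ip_network(r.source) == local_net
                and ip_network(r.destination) == remote_net):
            exempt_at = i
            break
    if exempt_at is None:
        return [f"no NAT exempt rule for {local} -> {remote}; "
                f"VPN traffic would be translated"]
    problems = []
    for r in rules[:exempt_at]:
        src_hits = ip_network(r.source).overlaps(local_net)
        dst_hits = r.destination is None or ip_network(r.destination).overlaps(remote_net)
        if r.kind == "pat" and src_hits and dst_hits:
            problems.append(f"PAT rule '{r.name}' is ordered above the exempt "
                            f"rule and will translate VPN traffic")
    return problems


# Constructed sample data (public IPs are placeholders, not the tutorial's).
ACTIVE = SiteConfig("FTDv7-3-0-Active", "203.0.113.10",
                    "172.16.2.0/24", "198.51.100.20", "10.16.2.0/24")
S2SDEMO = SiteConfig("FTDv7-3-0-S2SDemo", "198.51.100.20",
                     "10.16.2.0/24", "203.0.113.10", "172.16.2.0/24")
# Second profile copied from the first instead of mirrored (local/remote not swapped).
S2SDEMO_COPY = SiteConfig("FTDv7-3-0-S2SDemo", "198.51.100.20",
                          "172.16.2.0/24", "203.0.113.10", "10.16.2.0/24")

GOOD_NAT = [NatRule("vpn-exempt", "exempt", "172.16.2.0/24", "10.16.2.0/24"),
            NatRule("inside-pat", "pat", "0.0.0.0/0")]
BAD_NAT = list(reversed(GOOD_NAT))  # PAT first: the exempt rule is never reached

if __name__ == "__main__":
    print("mirrored pair:", check_mirror(ACTIVE, S2SDEMO) or "OK")
    print("copied pair:", check_mirror(ACTIVE, S2SDEMO_COPY))
    print("good NAT order:", check_nat_exempt(GOOD_NAT, "172.16.2.0/24", "10.16.2.0/24") or "OK")
    print("bad NAT order:", check_nat_exempt(BAD_NAT, "172.16.2.0/24", "10.16.2.0/24"))
```

Run it as-is to see the mirrored pair and the correctly ordered NAT table pass, while the copied profile and the PAT-first table are reported. The same checks apply when the NAT Exempt option is used instead of a manual rule: it still has to end up above the interface PAT in the resulting table.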
The official FDM 7.3 Configuration guide can be found here.