top of page

Summary: 

1. Create a new VPN Topology (think this as if community in Check Point)

2. Config IKE 

3. Config IPSec

4. Create Rules 

5. Save and Deploy policy 

1. Devices > VPN > Site to Site > Add VPN > Firepower Threat Defense Device > Fill out the "Topology Name", choose "Point to Point", Node A: <local gateway>, Node B: <peer gateway>

1.PNG

Local Gateway:

2.png

Peer Gateway: repeat the same process above.

2. IKE

3.png

3. IPSEC

4.png

4. ACLs

Policies > Access Control > Access Control > click the policy name to edit

Rules > Add Rule > NOTE: you will need to figure out Source and Destination Zones (see below)

5.png

Identifying Zones: 

Essentially, Firepower is a Cisco version of ASA, so you can figure out zones via packet-tracer via cli. 

SSH to the gateway, you will see ">" prompt. You can change it to "#" by typing "system support diagnostic-cli"

6.png

5. Save and Deploy policy 

bottom of page