Site to Site VPN configuration on Cisco Firepower Device Manager

Today I am going to talk about the configuration of Site to Site VPN between two Cisco Firepower Device Manager devices. Many of you already know about site-to-site VPN, but let me give you some background on it first.

Short Note on VPN - Virtual Private Network
A virtual private network, or VPN, is a network connection that establishes a secure tunnel between remote devices over a public network, such as the Internet or another network. VPNs use tunnels to encapsulate data packets within normal IP packets for transport over IP-based networks. They use encryption to ensure privacy and authentication to ensure the integrity of data.

Site-to-site VPN usually builds a direct, unshared and secure connection between two endpoints. Site-to-site VPN can be intranet-based or extranet-based. Intranet-based site-to-site VPN is created between an organization's proprietary networks, while extranet-based site-to-site VPN is created for connecting with external partner networks or an intranet.

Fig 1.1- Site to Site VPN
Site to Site VPN provides the ability to connect geographically separate locations or networks, typically over the public Internet connection or a WAN connection.

Below is the procedure to configure the Site to Site VPN on Firepower Device Manager:
  • Click Device, then click View Configuration in the Site-to-Site VPN group.
  • To create a new Site-to-Site VPN connection, click the + button. You can also click the Create Site-to-Site Connection button.
  • Define the endpoints of the point-to-point VPN connection: the Connection Profile name, the local site (Local VPN Access Interface and Local Network) and the remote site (remote IP address and Remote Network).
  • Define the privacy configuration for the VPN: IKE Version 2 and 1, the IKE policy, the IPsec proposal, the Local Preshared Key, the Remote Peer Preshared Key and the NAT information.
  • Once you have completed this information, you are good to go with the site to site VPN configuration.
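
The endpoint and key settings listed in the steps above have to mirror each other on the two devices, and a mismatch on either side keeps the tunnel from coming up. The following Python check is an added example, not part of the original post and not Cisco tooling; the dictionary field names, policy labels, addresses and keys are all assumptions constructed for illustration. It compares the planned settings of both sites before they are typed into Firepower Device Manager.

```python
import ipaddress

def nets(cidrs):
    """Normalise a list of CIDR strings into a set of network objects."""
    return {ipaddress.ip_network(c) for c in cidrs}

def check_tunnel(a, b):
    """Return a list of mismatches between the two peers' planned settings."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        # My remote IP address must be the peer's VPN access interface address.
        if me["remote_ip"] != peer["local_ip"]:
            problems.append(f"{me['name']}: remote IP is not {peer['name']}'s interface address")
        # My remote network must be exactly the peer's local network.
        if nets(me["remote_networks"]) != nets(peer["local_networks"]):
            problems.append(f"{me['name']}: remote networks do not mirror {peer['name']}'s local networks")
        # My Local Preshared Key is what the peer must hold as Remote Peer Preshared Key.
        if me["local_psk"] != peer["remote_psk"]:
            problems.append(f"{me['name']}: local PSK differs from {peer['name']}'s remote peer PSK")
    # Both ends need a shared IKE version, IKE policy and IPsec proposal.
    for key in ("ike_versions", "ike_policies", "ipsec_proposals"):
        if not set(a[key]) & set(b[key]):
            problems.append(f"no common entry in {key}")
    # Overlapping local networks cannot be routed through the tunnel as-is.
    if any(x.overlaps(y) for x in nets(a["local_networks"]) for y in nets(b["local_networks"])):
        problems.append("local networks of the two sites overlap")
    return problems

# Constructed sample values (documentation address ranges, placeholder keys).
SITE_A = {
    "name": "site-a", "local_ip": "192.0.2.1", "remote_ip": "198.51.100.1",
    "local_networks": ["10.1.0.0/16"], "remote_networks": ["10.2.0.0/16"],
    "ike_versions": [2], "ike_policies": ["aes256-sha256-dh14"],
    "ipsec_proposals": ["aes256-sha256"],
    "local_psk": "constructed-key-a", "remote_psk": "constructed-key-b",
}
SITE_B = {
    "name": "site-b", "local_ip": "198.51.100.1", "remote_ip": "192.0.2.1",
    "local_networks": ["10.2.0.0/16"], "remote_networks": ["10.1.0.0/16"],
    "ike_versions": [2], "ike_policies": ["aes256-sha256-dh14"],
    "ipsec_proposals": ["aes256-sha256"],
    "local_psk": "constructed-key-b", "remote_psk": "constructed-key-a",
}

if __name__ == "__main__":
    for line in check_tunnel(SITE_A, SITE_B) or ["settings mirror each other"]:
        print(line)
```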