Cisco Defense Orchestrator

Create a Site-To-Site VPN

You can create a site-to-site VPN by following one of two methods: simple configuration or advanced configuration. If either or both of the devices are in the extranet, you must use the advanced configuration to set up the site-to-site VPN; simple configuration is not supported for extranet devices. For this release, only the point-to-point (PTP) topology is supported, containing one or more VPN tunnels. PTP deployments establish a VPN tunnel between two endpoints.

Create a Site-To-Site VPN using the Simple Configuration

  1. On the navigation bar, choose VPN.
  2. Click the blue plus (+) button to create a VPN Tunnel.

Note: Alternatively, you can create the Site-to-Site VPN connection from the Devices & Services page:

    1. On the navigation bar, click Devices & Services.
    2. Select the two FTD devices that you want to configure.
    3. In the right pane, under Device Actions, click Create Site-to-Site VPN.

  3. Enter a unique topology Configuration Name. We recommend naming your topology to indicate that it is an FTD VPN and its topology type.
  4. Choose the endpoint devices for this VPN deployment from Devices.
  5. Choose the VPN Access Interface for the endpoint devices.
  6. Click the blue plus (+) button to add the Protected Networks for the participating devices.
  7. Click Create VPN, and then click Finish.

The point-to-point VPN is created with IKEv2 as the default.

Create a Site-To-Site VPN using the Advanced Configuration

  1. On the navigation bar, choose VPN.
  2. Click the blue plus (+) button to create a VPN Tunnel.
  3. In the Peer Devices section, specify the following device configurations:
    1. Enter a unique topology Configuration Name. We recommend naming your topology to indicate that it is an FTD VPN and its topology type.
    2. Choose the endpoint devices for this VPN deployment from Devices. If you select an extranet device, specify the extranet device's IP address.
    3. Choose the VPN Access Interface for the endpoint devices.
    4. Click the blue plus (+) button to add the Protected Networks for the participating devices.
    5. Click Advanced.
  4. In the IKE Settings section, specify the following IKEv2 policy configuration:
    Note: By default, the IKEv2 policies for Peer 1 and Peer 2 are set to DES-SHA-SHA.
    1. Click the blue plus (+) button and select the IKEv2 policies. To delete an existing IKEv2 policy, hover over the selected policy and click the x icon.
    2. Enter the Pre-Shared Key for the participating devices. If the pre-shared keys are different for the endpoint devices, click the blue settings (gear) button and enter the appropriate pre-shared key for each device.
    3. Click Next.
  5. In the IPSec Settings section, specify the following IPSec configuration:
    1. Click the blue plus (+) button and select the IKEv2 proposals. To delete an existing IKEv2 proposal, hover over the selected proposal and click the x icon.
    2. Choose the Diffie-Hellman Group for Perfect Forward Secrecy.
    3. Click Create VPN, and then click Finish.

The point-to-point VPN is created with IKEv2 as the default.
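The settings the advanced configuration asks for (IKEv2 policy, pre-shared keys, protected networks, an extranet peer's IP address, and the PFS Diffie-Hellman group) can be sanity-checked before Create VPN is clicked. The following Python is an added example, not CDO's own code or API: it models a PTP topology as a dict (the field names, the weak-algorithm sets and the 20-character key minimum are assumptions) and flags settings a practitioner would revisit, including the DES-SHA-SHA default mentioned above.

```python
"""Pre-deployment check for a CDO point-to-point site-to-site VPN topology.
Hypothetical data model and checks, not CDO's own API or validation."""

WEAK_ENCRYPTION = {"DES", "3DES", "NULL"}
WEAK_INTEGRITY = {"MD5", "SHA"}  # "SHA" in Cisco policy names is SHA-1
WEAK_DH_GROUPS = {1, 2, 5}       # 768/1024/1536-bit MODP groups
MIN_PSK_LENGTH = 20              # assumed local minimum, not a CDO rule


def parse_ike_policy(policy: str) -> dict:
    """Split an 'ENC-INTEGRITY-PRF' policy name such as DES-SHA-SHA."""
    parts = policy.upper().split("-")
    if len(parts) != 3:
        raise ValueError(f"expected ENC-INTEGRITY-PRF, got {policy!r}")
    return dict(zip(("encryption", "integrity", "prf"), parts))


def audit_topology(topology: dict) -> list:
    """Return findings as strings; an empty list means nothing to fix."""
    findings = []
    peers = topology.get("peers", [])
    if len(peers) != 2:  # PTP deployments join exactly two endpoints
        findings.append(f"PTP topology needs 2 endpoints, found {len(peers)}")
    for peer in peers:
        if peer.get("extranet") and not peer.get("ip"):
            findings.append(f"{peer['name']}: extranet device needs an IP address")
        if not peer.get("protected_networks"):
            findings.append(f"{peer['name']}: no Protected Networks defined")
        if len(peer.get("psk", "")) < MIN_PSK_LENGTH:
            findings.append(f"{peer['name']}: pre-shared key shorter than {MIN_PSK_LENGTH}")
    for policy in topology.get("ike_policies", []):
        p = parse_ike_policy(policy)
        if p["encryption"] in WEAK_ENCRYPTION:
            findings.append(f"IKEv2 policy {policy}: weak encryption {p['encryption']}")
        if p["integrity"] in WEAK_INTEGRITY or p["prf"] in WEAK_INTEGRITY:
            findings.append(f"IKEv2 policy {policy}: weak integrity or PRF")
    if topology.get("pfs_group") in WEAK_DH_GROUPS:
        findings.append(f"PFS Diffie-Hellman group {topology['pfs_group']} is too small")
    return findings


# Constructed sample: the page's default DES-SHA-SHA policy and an extranet peer.
SAMPLE_TOPOLOGY = {
    "name": "FTD-PTP-HQ-Branch",
    "peers": [{"name": "HQ-FTD", "extranet": False, "ip": None,
               "protected_networks": ["10.1.0.0/16"], "psk": "correct horse battery staple!!"},
              {"name": "Branch-Peer", "extranet": True, "ip": "",
               "protected_networks": [], "psk": "short"}],
    "ike_policies": ["DES-SHA-SHA"], "pfs_group": 2,
}
```

Running `audit_topology(SAMPLE_TOPOLOGY)` returns six findings: three for the extranet peer (missing IP, no protected networks, short key), two for the DES-SHA-SHA policy, and one for DH group 2.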
