
Migrating ASA to FTD
For this post, we will be discussing migrating an ASA with FirePOWER services to a Firepower Threat Defense (FTD) image on an ASA 5506-X appliance. At a high level, you reimage the ASA unit with FTD, then use the migration tool (if you have…

DVTI on Hub-Spoke IKEV2
R1
-----------------
(config)#crypto pki certificate map CAMP 1
#issuer-name co talebi
(config)# default crypto ikev2 proposal
(config)# crypto ikev2 proposal default
# encryption aes-cbc-256
# integrity sha256
# group 14
(config)#…

FlexVPN - Part 2
-Proposal ==> Diffie-Hellman Group - Encryption - Integrity
-Policy
-Profile (match), (keyring)
show crypto ikev2 proposal default
show crypto ikev2 policy default
show crypto ipsec transform-set default
show crypto ipsec profile default
Changing…

FlexVPN: IKEV2 - Part 1
FlexVPN = IKEV2 + NGE(Next Generation Encryption)
IKEV1 = phase 1 => negotiate
phase 2 => IPSec Tunnel
IKEV2 => Initial negotiation + IPSec Tunnel
=> proposals, key ring, policy, profile
#show crypto ikev2 proposal default
#show…

Dynamic Virtual Tunnel Interfaces (VTIs)
Branches with Static VTI
Hub : Dynamic VTI
- ISAKMP Profile
- Key ring with PSKs
- Virtual Template
R1(Hub)
---
(config)# crypto isakmp policy 1
(config-isakmp)# encr aes 192
(config-isakmp)# authentication pre-share
(config-isakmp)#…

Site to Site- Static VTI IPSEC
R1
---
(config)#crypto ipsec transform-set HRT esp-aes 256 esp-sha-hmac
(cfg-crypto-trans)# mode tunnel
(config)#crypto ipsec profile P2P-PROFILE
(ipsec-profile)# set transform-set HRT
(config)#crypto isakmp policy 15
#encr aes 256
#authentication…