Cisco Cisco Firepower Management Center 4000
11-8
FireSIGHT System User Guide
Chapter 11 Using Gateway VPNs
Managing VPN Deployments
Public IKE Port
If you selected Internal IP, specify a single numerical value from 1 to 65535 for the UDP port on the firewall that is being port-forwarded to the internal endpoint. If the endpoint is a responder and the port on the firewall being forwarded is not 500 or 4500, you must specify this value.
Use Deployment Key
Select the check box to use the pre-shared key defined for the deployment. Clear the check box to specify a pre-shared key for VPN authentication for this endpoint pair.
Pre-shared Key
If you cleared the Use Deployment Key check box, specify a pre-shared key in this field.
Tip
To edit an existing point-to-point deployment, click the edit icon next to the deployment. You cannot edit the deployment type after you initially save the deployment. Two users should not edit the same deployment simultaneously; however, note that the web interface does not prevent simultaneous editing.
To configure a point-to-point VPN deployment:
Access: Admin/Network Admin
Step 1
Select Devices > VPN.
The VPN page appears.
Step 2
Click Add.
The Create New VPN Deployment pop-up window appears.
Step 3
Give the deployment a unique Name.
You can use all printable characters, including spaces and special characters.
Step 4
Ensure that PTP is selected as the Type.
Step 5
Give the deployment a unique Pre-shared Key.
Step 6
Next to Node Pairs, click the add icon.
The Add New Endpoint Pair pop-up window appears.
Step 7
Configure the VPN deployment, as described earlier in this section.
Step 8
Under Node A, next to Protected Networks, click the add icon.
The Add Network pop-up window appears.
Step 9
Type a CIDR block for the protected network.
Step 10
Click OK.
The protected network is added.
Step 11
Repeat step through step Node B.
Step 12
Click Save.
The endpoint pair is added to your deployment and the Create New VPN Deployment pop-up window appears again.
Step 13
Click Save to finish configuring your deployment.
The VPN page appears again.
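
The field rules and steps above can be checked against a planned endpoint pair before it is entered in the web interface. The following Python check is an added example, not part of the FireSIGHT guide or any Cisco tooling; the dictionary layout, the `responder` and `firewall_udp_port` fields, and the sample addresses and placeholder keys are assumptions made for illustration.

```python
import ipaddress

STANDARD_IKE_PORTS = {500, 4500}  # the two ports the guide names

def check_node(label, node):
    """Return problems for one node of a planned endpoint pair (assumed dict layout)."""
    problems = []
    port = node.get("public_ike_port")    # value to type into Public IKE Port
    fwd = node.get("firewall_udp_port")   # assumed field: UDP port the firewall forwards
    if port is not None and not (type(port) is int and 1 <= port <= 65535):
        problems.append(f"{label}: Public IKE Port must be a single value from 1 to 65535")
    elif node.get("internal_ip") and node.get("responder") and fwd not in (None, *STANDARD_IKE_PORTS):
        if port is None:
            problems.append(f"{label}: responder forwarded on UDP {fwd}, Public IKE Port is required")
        elif port != fwd:
            problems.append(f"{label}: Public IKE Port {port} does not match forwarded UDP {fwd}")
    for cidr in node.get("protected_networks", []):
        try:
            # strict=True also rejects entries with host bits set, such as 10.10.1.5/16
            ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{label}: protected network {cidr!r} is not a clean CIDR block ({exc})")
    return problems

def check_pair(pair, deployment_key):
    """Return every problem in one endpoint pair; an empty list means ready to enter."""
    problems = []
    if pair.get("use_deployment_key"):
        if not deployment_key:
            problems.append("Use Deployment Key selected but the deployment has no pre-shared key")
    elif not pair.get("pre_shared_key"):
        problems.append("Use Deployment Key cleared but no Pre-shared Key given")
    for label in ("Node A", "Node B"):
        problems += check_node(label, pair.get(label, {}))
    return problems

# Constructed sample plans: private addresses and empty or placeholder keys, not real data.
GOOD_PAIR = {"use_deployment_key": True,
    "Node A": {"internal_ip": True, "responder": True, "firewall_udp_port": 4501,
               "public_ike_port": 4501, "protected_networks": ["10.10.0.0/16"]},
    "Node B": {"internal_ip": False, "protected_networks": ["10.20.0.0/16"]}}
BAD_PAIR = {"use_deployment_key": False, "pre_shared_key": "",
    "Node A": {"internal_ip": True, "responder": True, "firewall_udp_port": 4501,
               "protected_networks": ["10.10.1.5/16"]},
    "Node B": {"internal_ip": True, "responder": True, "firewall_udp_port": 500,
               "public_ike_port": 70000, "protected_networks": ["10.20.0.0/16"]}}

if __name__ == "__main__":
    print(check_pair(GOOD_PAIR, "<placeholder-key>"), check_pair(BAD_PAIR, "<placeholder-key>"), sep="\n")
```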