Cisco Cisco Firepower Management Center 4000

Give the deployment a unique 

.

Next to 

, click the add icon (

).

The Add Endpoint pop-up window appears.

Configure the VPN deployment, as described earlier in this section.

Next to 

, click the add icon (

).

The Add Network pop-up window appears.

Type a CIDR block for the protected network.

Click 

.

The protected network is added.

Click 

.

The endpoint is added to your deployment and the Create New VPN Deployment pop-up window 
appears again.

Repeat step 

 through step 

 to add more endpoints.

Click 

 to complete your deployment and the VPN page appears again. 

Note that you must apply the deployment for it to take effect; see 

VPN

Series 3

VPN deployments contain some common settings that can be shared among the VPNs in a deployment. 
Each VPN can use the default settings or you can override the default settings. Advanced settings 
typically require little or no modification and are not common to every deployment.

The following list describes the advanced options you can specify in your deployment.

Select the check box to enable auto negotiation to an algorithm not listed in the Algorithm list, but 
proposed by the remote peer.

Specify the phase one and phase two algorithm proposals to secure data in your deployment. Select 

, 

, and Diffie-Hellman (

) group authentication messages for both phases.

Specify a numerical value and select a time unit for the maximum IKE SA renegotiation interval. 
You can specify a minimum of 15 minutes and a maximum of 30 days.

Select the check box to specify that the system uses IKE version 2. This version supports the star 
deployment and multiple protected networks.