Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 11 Using Gateway VPNs
Managing VPN Deployments
Step 5
Give the deployment a unique Pre-shared Key.
Step 6
Next to Nodes, click the add icon.
The Add Endpoint pop-up window appears.
Step 7
Configure the VPN deployment, as described earlier in this section.
Step 8
Next to Protected Networks, click the add icon.
The Add Network pop-up window appears.
Step 9
Type a CIDR block for the protected network.
Step 10
Click OK.
The protected network is added.
Step 11
Click Save.
The endpoint is added to your deployment and the Create New VPN Deployment pop-up window appears again.
Step 12
Repeat step through step to add more endpoints.
Step 13
Click Save to complete your deployment and the VPN page appears again.
Note that you must apply the deployment for it to take effect; see
Configuring Advanced VPN Deployment Settings
License: VPN
Supported Devices: Series 3
VPN deployments contain some common settings that can be shared among the VPNs in a deployment.
Each VPN can use the default settings or you can override the default settings. Advanced settings
typically require little or no modification and are not common to every deployment.
The following list describes the advanced options you can specify in your deployment.
Other Algorithm Allowed
Select the check box to enable auto negotiation to an algorithm not listed in the Algorithm list, but
proposed by the remote peer.
Algorithm
Specify the phase one and phase two algorithm proposals to secure data in your deployment. Select Cipher, Hash, and Diffie-Hellman (DH) group authentication messages for both phases.
IKE Life Time
Specify a numerical value and select a time unit for the maximum IKE SA renegotiation interval.
You can specify a minimum of 15 minutes and a maximum of 30 days.
IKE v2
Select the check box to specify that the system uses IKE version 2. This version supports the star
deployment and multiple protected networks.
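The limits and options listed above can be checked before a deployment is applied. The following Python lint is an added example, not code from the guide or from Cisco; the dictionary layout, the field names, and the reading that star deployments and multiple protected networks need IKE v2 are assumptions made for illustration.

```python
import ipaddress

# Bounds the guide gives for IKE Life Time: 15 minutes to 30 days.
IKE_MIN_S, IKE_MAX_S = 15 * 60, 30 * 86400
UNIT_S = {"minutes": 60, "hours": 3600, "days": 86400}

def lint_deployment(dep, other_psks=()):
    """Return findings for one deployment (hypothetical dict layout)."""
    findings = []
    # Step 5: the pre-shared key must be unique to this deployment.
    if dep["psk"] in other_psks:
        findings.append("pre-shared key reused by another deployment")
    # Step 9: each protected network must be a CIDR block; strict=True
    # also rejects a host address typed with a prefix (10.1.1.5/24).
    for ep in dep["endpoints"]:
        for net in ep["protected_networks"]:
            try:
                ipaddress.ip_network(net, strict=True)
            except ValueError:
                findings.append(f"{ep['name']}: {net} is not a CIDR block")
    value, unit = dep["ike_lifetime"]
    if not IKE_MIN_S <= value * UNIT_S[unit] <= IKE_MAX_S:
        findings.append("IKE Life Time outside 15 minutes to 30 days")
    # Lets the remote peer pick an algorithm outside the Algorithm list.
    if dep["other_algorithm_allowed"]:
        findings.append("Other Algorithm Allowed is enabled")
    # Assumption: the features the guide ties to IKE v2 require it.
    multi = any(len(ep["protected_networks"]) > 1 for ep in dep["endpoints"])
    if not dep["ike_v2"] and (dep["topology"] == "star" or multi):
        findings.append("star or multi-network deployment without IKE v2")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = {
    "topology": "star", "psk": "constructed-key-A", "ike_v2": False,
    "other_algorithm_allowed": True, "ike_lifetime": (45, "days"),
    "endpoints": [
        {"name": "hq", "protected_networks": ["10.1.0.0/16", "10.2.0.0/16"]},
        {"name": "branch1", "protected_networks": ["192.168.10.5/24"]},
    ],
}

if __name__ == "__main__":
    for finding in lint_deployment(SAMPLE, other_psks=("constructed-key-A",)):
        print("FINDING:", finding)
```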