Cisco Asav

Short for IP Security, IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality between two communication points across an IP network. It is supported by different vendors. OpenSSL can still be preferred over IPSec.

  1. Cisco® Secure Firewall ASA Virtual (formerly ASAv) gives you the flexibility to choose the performance you need for your organization. Secure Firewall ASA Virtual is the virtualized option of our popular Secure Firewall ASA solution and offers security in traditional physical data centers and private and public clouds.
  3. After that, extract Cisco-ASAv Template.rar and copy the Cisco-ASAv.gns3a file into the asav-962-001 folder (make sure that the Cisco-ASAv.gns3a and asav-962-001.qcow2 files are in the same folder). Open GNS3, go to the File menu, click Import Appliance, and select the Cisco-ASAv.gns3a file from the asav-962-001 folder.

We are going to configure an IPSec VPN between a Cisco ASA and a pfSense Firewall. Cisco ASA is a Cisco proprietary firewall that provides VPN/firewall solutions to small, medium and large enterprises. The pfSense Firewall, on the other hand, is a free and open source distribution of FreeBSD customized for use as a firewall and router. pfSense is lightweight and can be installed on a PC with two NICs. You can get a copy of pfSense from here. At the time of this writing, the latest version is v2.4.4.

In this lab, we will configure a Site-to-Site IPSec VPN between a Cisco ASAv and a pfSense Firewall.

Prerequisites

Jun 08, 2021. Now search for asav; you will find that Cisco ASAv is available under Nodes and ready to configure. Initial management interface configuration of the Cisco ASAv firewall: after the Cisco ASA deployment on EVE-NG, we need to configure the management interface. Access the telnet console of the Cisco ASA and configure the management interface.

  • Cisco ASAv with configured interfaces, ASDM as well as other basic configurations.
  • pfSense Firewall, WAN and LAN configured interfaces.
  • IP addressing configured, with connectivity between the ASAv appliance and pfSense.
  • Basic routing configuration on the Cisco L3 router for internet access.

Build the topology on EVE-NG

I have built the topology on my EVE-NG lab and configured the two firewalls.

  • Cisco ASAv
  • 2 x Cisco multi-layer switch images (a Layer 2 switch image also works; L3 is not strictly necessary)
  • pfSense Firewall
  • Internet Router. Cisco L3 image.
  • A Cloud image (management(Cloud0)) that will connect both Site A and Site B to the internet through our Internet Router.

We are going to have two sites, Site A and Site B, both connected to an internet router that provides routing to the internet.

In our next step, we will set up a site-to-site IPSec VPN between the two sites, which use different firewall solutions from two giant vendors.

Set up site-to-site IPSec implementation

There are two phases in an IPSec implementation: Phase 1 and Phase 2.
ISAKMP/Phase 1 attributes are used to authenticate and create a secure tunnel over which IPsec/Phase 2 parameters are negotiated.
We will begin by configuring our ASAv with the Phase I and Phase II attributes.

IPSec ISAKMP Phase I


IPSec Phase II

That’s it from our ASAv side of things. Let’s jump to our pfSense firewall on Site B.

Phase I

Log in to the pfSense web configurator and navigate to VPN > IPsec.

IPsec page

Click on Add P1 on the Tunnels tab, where we are going to add our Phase I attributes as below.



Leave the rest as is and save your changes. Once done, you should have Phase I set up as below.

Phase II

Click on the Show Phase 2 Entries button and click on Add P2 to add our Phase 2 attributes.

Next, configure your IPSec Phase 2 attributes as below.

Click the Save button to save changes and go back to the Tunnels tab where you can view a summary of your Phase 1 and Phase 2 configuration.
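
A site-to-site tunnel between two different vendors only negotiates cleanly when the Phase 1 and Phase 2 attributes entered on each firewall agree and the Phase 2 networks mirror each other. The following Python check is an added example, not part of the original lab; the dictionary layout, names and sample values are assumptions, not the lab's configuration.

```python
import ipaddress

# Constructed sample settings (not the lab's values): one dict per tunnel end.
ASAV = {
    "p1": {"encryption": "aes-256", "hash": "sha256", "dh_group": 14},
    "p2": {"encryption": "aes-256", "hash": "sha256", "pfs_group": 14},
    "local_net": "10.1.1.0/24", "remote_net": "10.2.2.0/24",
}
PFSENSE = {
    "p1": {"encryption": "aes-256", "hash": "sha256", "dh_group": 14},
    "p2": {"encryption": "aes-256", "hash": "sha1", "pfs_group": None},
    "local_net": "10.2.2.0/24", "remote_net": "10.1.0.0/16",
}

# Algorithms and DH groups widely treated as legacy; flagged even when both ends agree.
LEGACY = {"des", "3des", "md5", 1, 2, 5}


def compare_tunnel(a, b):
    """Return a list of findings; an empty list means the two ends agree."""
    findings = []
    for phase in ("p1", "p2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                findings.append(f"{phase}.{key} mismatch: {va} vs {vb}")
            if va in LEGACY or vb in LEGACY:
                findings.append(f"{phase}.{key} uses a legacy value")
    # Phase 2 traffic selectors must mirror each other: A's local is B's remote.
    for mine, theirs in (("local_net", "remote_net"), ("remote_net", "local_net")):
        na = ipaddress.ip_network(a[mine])
        nb = ipaddress.ip_network(b[theirs])
        if na != nb:
            findings.append(f"selector mismatch: {mine}={na} vs peer {theirs}={nb}")
    return findings


if __name__ == "__main__":
    for line in compare_tunnel(ASAV, PFSENSE):
        print(line)
```
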



Our IPSec configuration is complete on both ends. To verify this, we are going to check the VPN connection status on the pfSense firewall as well as the IPsec status on the ASA firewall. To do that, on the pfSense menu, go to Status > IPsec and click on the Connect VPN button. The connection should be established.

If you followed the configuration closely, you should see an established connection on the pfSense firewall above as well as on the ASAv firewall below.

On our ASAv firewall, we can issue the command below to confirm the IPsec status.


That marks the end of our lab: Configuring Site-to-Site IPsec VPN between Cisco ASAv and pfSense Firewall.