Create a Site-to-Site VPN Between ASA and Multicloud Defense Gateway
You can create site-to-site IPsec connections between an ASA and a Multicloud Defense Gateway that complies with all relevant standards. After the VPN connection is established, the hosts behind the firewall can connect to the hosts behind the gateway through the secure VPN tunnel.
Multicloud Defense currently supports Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and Oracle OCI cloud accounts.
Use the following procedure to create a VPN tunnel between an ASA device that is managed by Security Cloud Control and Multicloud Defense Gateway from the Security Cloud Control dashboard:
Before you begin
Ensure that the following prerequisites are met:
- The ASA device must not have any pending changes.
- Create a BGP profile in the ASA console prior to creating a VPN tunnel. See Configure ASA Border Gateway Protocol for more information.
- The Multicloud Defense Gateway must be in the Active state.
- The Multicloud Defense Gateway must be VPN enabled. See Enable VPN within the gateway.
- Read the ASA site-to-site VPN limitations and guidelines for more information.
- Read the Multicloud Defense Gateway prerequisites and limitations for more information.
Procedure
Step 1 | In the left pane, choose . |
Step 2 | Click the Create Tunnel ( |
Step 3 | In the Peer Selection area, provide the following information: |
Step 4 | Click Next. |
Step 5 | In the Peer Details area, provide the following information: |
Step 6 | Click Next. |
Step 7 | In the Tunnel Details area, provide the following information: |
Step 8 | Click Next. |
Step 9 | In the IKE Settings area, Security Cloud Control generates a default Local Pre-Shared Key. This is a secret key string that is configured on the peers. IKE uses this key during the authentication phase so that the peers can verify each other when establishing the tunnel. |
Step 10 | In the Finish area, review the configuration and continue further only if you’re satisfied with the configuration. By default, the Deploy changes to ASA immediately check box is checked to deploy the configurations immediately to the ASA device after clicking Submit. If you want to review and deploy the configurations manually later, then uncheck this check box. |
Step 11 | Click Submit. The configurations are pushed to the Multicloud Defense Gateway. |
The VPN page in Security Cloud Control shows the site-to-site tunnel created between the peers. You will be able to see the corresponding tunnel in the Multicloud Defense Gateway portal.