Cisco Firepower 1010 Configuration

KB ID 0001673

Background

This page will be used as a central repository and ‘index’ for configuration on the Cisco Firepower 1010 series firewall. I intend to add to it as I test the capabilities and work out any problems whilst trialing/deploying and operating this platform.

Config Documents

VPN Firepower 1000 series running ASA Code.

General

Cisco Firepower 1010 Licensing

Reimage Cisco 1010 ASA to FTD

VPN

EZVPN

EZVPN is not supported on this platform; it cannot be configured as an EZVPN client.

Site to Site VPN (as per older 5500-x and 5500 series)

Cisco ASA Site To Site VPN IKEv2 “Using CLI”

Cisco ASA Site To Site VPN IKEv1 “Using CLI” (Normally only required if the other end does not support IKEv2)

Cisco ASA Site to Site VPN ‘Using ASDM’

Remote Access VPN

Cisco ASA AnyConnect VPN ‘Using CLI’

Cisco ASA AnyConnect VPN ‘Using ASDM’

Cisco ASA – L2TP over IPSEC VPN ‘Using CLI or ASDM’ (Using Windows 10 Built in VPN client)

Port Forwarding and NAT

Cisco ASA Port Forwarding ‘Using CLI or ASDM’

Cisco ASA Port Forwarding To A Different Port

Cisco ASA Port Forwarding a ‘Range of Ports’

Cisco ASA Static (One to One) NAT Translation

VPN Firepower 1000 series running FTD Code.

General

Cisco Firepower 1010 (FTD) Initial Setup

Cisco FTD: AMP/URL Filtering/Threat Detection and AVC

VPN

Site to Site VPN 

Cisco FTD Site to Site VPN

Remote Access VPN 

Cisco FTD Remote Access VPN (AnyConnect)

Cisco FTD (and ASA) Creating AnyConnect Profiles

I will continue to add to this page but please be patient. (I’m juggling two jobs, and have a personal life!)

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

3 Comments

  1. Hi Pete.
    I am working on FTD. Your blog is just awesome, it helped with a few things.

    I got FTD running with some missing features.

    1. PPTP server behind FTD? On ASA code – “fixup proto pptp pptp” resolved it. But for FTD code I cannot find a working solution.

    2. IPSEC tunnel is working OK. But there I have a double NAT on my side. On ASA all worked with:
    nat (inside,outside) source static localLAN localNATLAN destination static remoteLAN remoteLAN
    access-list outside_cryptomap extended permit ip object localNATLAN object remoteLAN
    On FTD, remoteLAN cannot access services on localNATLAN translated servers. Adding an ACL allowing vice versa traffic can't resolve the issue.

    Any advice, please?

  2. Hi Pete

    FDM 1010 – DHCP: where is the option for reservation by MAC address, please?
    Thank you for your reply

    Best regards
    Hacen
