Completed (Content Update)

KBA has been redirected to an updated Recommended Reads post.

Document for SF VPN to Cisco ASA leaves out some information

Reference article: Sophos Firewall: Set up IPSec between the firewall and Cisco ASA

The article doesn't describe how to set up the profile as compared to what Cisco shows in their product.

For example, this policy

crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400

And this proposal

crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5

Maybe this will be appropriate to match what's in the ASA?

We will deploy and hope it works.

An update to the document on how to help us Sophos Firewall Architects understand how to connect with an ASA would be very helpful.

Thank you

  • Thank you for the update. The link assumes the reader knows how to build the VPN in the ASA. My issue is due to replacing an ASA that connects to another ASA; I am having to figure out how to build the IPsec profile in the SF to match what the ASA has built so we can drop it in with little fuss. I'm assuming it's correct but won't know until our staff go out onsite to deploy.
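
Added example, not part of the original thread and not Sophos or Cisco code: a small Python parser that pulls the IKEv2 (phase 1) and ESP (phase 2) parameters out of the two ASA stanzas quoted in the post, so they can be compared with the peer's IPsec profile, and lists the legacy values being offered. The function names and the `LEGACY` table are assumptions of this example, and it handles one policy and one proposal, as in the post.

```python
import re

# Constructed sample: the two ASA stanzas quoted in the post.
ASA_CONFIG = """\
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
"""

# Assumption of this example: values treated as legacy (MODP-1024/1536, MD5, SHA-1).
LEGACY = {"group": {"2", "5"}, "integrity": {"md5", "sha", "sha-1"}, "prf": {"md5", "sha"}}

def parse_asa_ikev2(text):
    """Return {'phase1': {...}, 'phase2': {...}} mapping parameter -> offered values."""
    out, section = {"phase1": {}, "phase2": {}}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.fullmatch(r"crypto ikev2 policy \d+", line):
            section = "phase1"
        elif line.startswith("crypto ipsec ikev2 ipsec-proposal "):
            section = "phase2"
        elif line.startswith("crypto "):
            section = None  # any other stanza ends the current section
        elif section == "phase1":
            key, *vals = line.split()
            if key == "lifetime" and vals[:1] == ["seconds"]:
                vals = vals[1:]  # keep only the number of seconds
            out["phase1"][key] = vals
        elif section == "phase2" and line.startswith("protocol esp "):
            key, *vals = line.split()[2:]
            out["phase2"][key] = vals
    return out

def legacy_values(parsed):
    """List (phase, parameter, value) for each legacy algorithm or DH group offered."""
    return [(phase, key, v) for phase, params in parsed.items()
            for key, vals in params.items() for v in vals if v in LEGACY.get(key, ())]

if __name__ == "__main__":
    parsed = parse_asa_ikev2(ASA_CONFIG)
    for phase, params in parsed.items():
        print(phase, params)
    for hit in legacy_values(parsed):
        print("legacy:", *hit)
```

Each phase has to share at least one value per parameter with the other peer, so the lists this prints are the candidate set to choose from when building the matching profile.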