Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2868
Views
0
Helpful
4
Replies

FIPS Compliant site-to-site VPN

Go to solution
YECA911ORG
Level 1
Level 1

‎02-05-2010 03:40 PM - edited ‎03-11-2019 10:05 AM

Hello.  I have ASA 5505 boxes that I want to configure for site-to-site encryption over a WAN link.  I need the enctyption to be FIPS 140-2 compliant.  I am running Cisco ASA Version 7.2(3), installed about May 2008.

My links go: LAN-ASA-Router-<WAN>-Router-ASA-LAN, where WAN will be T-1 or similar.

I have seen the site-to-site configuration examples.  If I use 3DES at each end will that be in compliance?

Anything special (IOS, software upgrade, etc) that I need?

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to YECA911ORG

‎02-05-2010 05:49 PM

Asa5505 can suport up to 25 ipsec tunnels  so the answer to your question is yes,  you can have  more than one L2L vpn  from  asa_f1 , see examples  in bellow link under site-to-site VPN.

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

Jorge Rodriguez

View solution in original post

0 Helpful
4 Replies 4

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎02-05-2010 04:21 PM

Read this whole doc, will tell you all about meeting FIPS complience -  3DES  encryption is   FIPS complience .

http://www.cisco.com/en/US/docs/security/asa/asa70/hw/fips_asa.html

 

Jorge Rodriguez
0 Helpful

Go to solution
YECA911ORG
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎02-05-2010 04:35 PM

Thank you!

I have a follow-up question, that I should have made clear in my original question.

Can I make one-to-many VPN connections with the ASA 5505 firewalls, as illustrated below:

Site to site, from FW_1 to FW_A, and FW_1 to FW_B, and FW_1 to FW_C.

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to YECA911ORG

‎02-05-2010 05:49 PM

Asa5505 can suport up to 25 ipsec tunnels  so the answer to your question is yes,  you can have  more than one L2L vpn  from  asa_f1 , see examples  in bellow link under site-to-site VPN.

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

Jorge Rodriguez
0 Helpful

Go to solution
YECA911ORG
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎02-08-2010 07:46 AM

Thank you for your help. I appreciate it!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card