GOLD: VPN Client Site To Site with Cisco ASA IPSec

Follow

Jeremy Wesley

• September 01, 2020 19:03

Hi All,

I have a Cisco ASA 5506 in my home and I would like to remove it and use only the Firewalla Gold as the router. However, I need to add 2 Site-To-Site VPN connections for work. 

Are there any documents on how to setup this type of connection. The 3rd party option seem to be limited to 3rd party services like NordVPN. There is an option to import a profile but I am not sure how to generate that file so I can import it.

Thanks

0

• 

  Firewalla

  • September 06, 2020 23:02

  To get the box work with Cisco ASA working, a completely new VPN protocol (IP Sec) will need to be supported.  And it may be more difficult to do site to site, since firewalla doesn't control the other side.  

  But it is highly possible to do IPSec VPN client first and have it running with the ASA.  But ... this highly depends if more people interested in this feature, or we offer this as a paid option to offset the dev cost. 

  0

  Comment actions Permalink
• 

  Sean B

  • December 14, 2020 19:13
  • Edited

  Hello-

  I am also interested in this feature for the Firewalla Gold, as it would allow me to setup a Site-To-Site VPN connection to my employers enterprise network, currently running Cisco VPN. Currently I run around 10 concurrent VPN client connections, it's painful.

  -Sean

  0

  Comment actions Permalink
• 

  Firewalla

  • December 14, 2020 19:25

  @sean, can you please send an email to help@firewalla.com, topic "IPSEC VPN".  It is very likely we will produce something in the very near future that may work with IPSec VPN, we may need some early testers.  

  0

  Comment actions Permalink
• 

  John Molchin

  • December 16, 2020 20:54

  @Firewalla I'd sign up as an early tester, I also need to do site-2-site with other firewall vendors, Juniper, Palo, etc.. this is easy to do with other vendors, just not Firewalla.

  0

  Comment actions Permalink
• 

  Otis Ohnemus

  • March 03, 2021 13:03

  @firewalla I too would be interested in this feature and being a early tester. My office uses Checkpoint appliances everywhere and we would love to do Site to Site from Gold to Checkpoint.

  0

  Comment actions Permalink
• 

  Justin St. Marie

  • May 30, 2021 14:54

  If this would also support 2FA, I would also be interested, so I can connect to work on a segment rather than at the host.  Did this request gain any traction?

  0

  Comment actions Permalink
• 

  Firewalla

  • May 30, 2021 17:09

  Site to site is specific to different vendors, so to make it all work, some of the implementations will need to be vendor-specific. And that specific knowledge is not cheap. Even if we are going to support certain appliances, it will likely carry an extra cost. 

  0

  Comment actions Permalink
• 

  Robert Kulp

  • January 17, 2022 14:34

  Would love to have Firewalla Gold support IPSEC. Specifically, working from home requires a VPN connection back to corporate. Right now, I'm firing up the local VPN client on my laptop, which works fine, but it would great if FWG would support nailed up site to site IPSEC connections. This way, I could have an always-on connection back to work and route it accordingly at home.

  2

  Comment actions Permalink
• 

  Jeremy Wesley

  • March 24, 2023 19:34

  Firewalla now supports AnyConnect SSL VPN connections. I was able to get this working with our existing AnyConnect by disabling IPSec on the Cisco ASA VPN Profile and just use AnyConnect SSL. Its not "Site-To-Site" because you use a username for the anyconnect but its works as I expected it to. So thats a win in my book.  The Firewalla AnyConnect VPN will NOT work with IPSec, do not even waste your time trying.

  Thanks to the firewalla support team for working with me on this to discover the IPSec issue.

   

  0

  Comment actions Permalink
• 

  Barry Miller

  • December 05, 2023 11:00

  IPSEC support would be amazing and would be happy to be an early tester for this. Whilst configuration would be more complex as knowledge would be required to configure both sides correctly anyone who would looking to use this is likely to already have the required knowledge

  0

  Comment actions Permalink
• 

  Kyle Maley

  • July 10, 2025 20:59

  I'd also be interested in being an early tester! 

  0

  Comment actions Permalink
• 

  Firewalla CM

  • July 10, 2025 21:40
  • Edited

  As of MSP 2.8, we officially support IPsec for 3rd-party VPN Clients with Firewalla MSP. Learn more about MSP's VPN Client here.

  For some examples on setting up IPsec, please consult these guides:

  • How to set up IPsec VPN with Unifi UDM
  • How to set up IPsec VPN with AWS
  • How to set up IPsec VPN with pfSense

  0

  Comment actions Permalink

Please sign in to leave a comment.