Scenario 7 - Site to Site VPN Dashboard
In this guide we will look at the Site to Site VPN Dashboard in Firewall Management Center (FMC).
The Site-to-Site VPN Dashboard in Cisco Secure Firewall Management Center (FMC) is a centralized control and monitoring interface designed to manage and oversee Site-to-Site VPN connections across an organization's network. It provides an overview of the VPN topology, displaying all VPN connections between sites, their statuses, and tools to troubleshoot any connection failures.
Before you begin
The data displayed in the dashboard is populated by the tasks completed in the VRF support for DVTI lab. Complete that lab first before proceeding with this one.
Lab Tasks
These are the tasks in the scenario below. If you are familiar with the Secure Firewall you may do these on your own, or for step-by-step instructions see below.
- Task 1 - Login to FMC
- Task 2 - Explore the Site to Site Dashboard and Try the Packet Tracer
- Task 3 - Disable DVTI12 to take a look at an Inactive Tunnel in the Dashboard
Task 1 - Login to FMC
- If you are not already logged in to the FMC, use the Quick Launch or the Google Chrome browser to connect to the FMC web UI. The credentials should be pre-populated in the browser; otherwise, log in as admin/C1sco12345.
Task 2 - Explore the Site to Site Dashboard and Try the Packet Tracer
- Navigate to Overview > Dashboards > Site to Site VPN.

- Explore the three sections of the dashboard: Tunnel Summary, Topology, Topology Table. Notice that there are 2 Active Connections currently.

- Hover over the Eye Icon as highlighted to View full information of the connection.

- In the first tab, you'll find General information regarding the connection.

- In the second tab, you'll find detailed information on the status and the outputs of the Node CLIs.

- In the third tab, you'll find the Packet Tracer with a diagram and options to Configure Trace. Click on See Detailed Config to expand additional information and options, such as choosing the protocol.


- Populate the Trace Configuration with the following options:
  - NGFW1:
    - Ingress Interface: in10, Protected Network IP Address: 172.16.13.2
  - NGFW3:
    - Ingress Interface: in10, Protected Network IP Address: 100.100.100.1
  - Then click Trace Now.

- Once the trace is complete, you should see the results in the same panel as highlighted below.

- Click on any of the Traces to see a list of the phases in the trace along with their timings. You can also click on each phase to get even more detailed information.

Task 3 - Disable DVTI12 to take a look at an Inactive Tunnel in the Dashboard
- Navigate to Devices > Device Management.
- Click on the Pencil Icon in the NGFW1 row to edit the Interfaces of the device.

- Click on the Pencil Icon in the Virtual-Template12(DVTI12) interface row to edit the DVTI12 Interface.

- In the dialog box, uncheck the Enabled checkbox. Then click OK.
- Click Save to save the changes made.

- At the top of the web page, click Deploy > Deploy All.

Note
You might get Validation Warnings after you click on Deploy All. Make sure to check the Ignore Warnings option and press the Deploy button again to force the deployment.
- Once the deployment is complete, navigate back to Overview > Dashboards > Site to Site VPN.

- You should notice 1 Active connection and 1 Inactive connection in the Site to Site VPN Dashboard, since we disabled the DVTI12 interface in NGFW1. Also, in the Topology section, there are three columns indicating the connection status:
  - Red: Indicates inactive
  - Green: Indicates active
  - Yellow: Indicates that no data has been received from the device for the tunnel status

Note
It may take up to five minutes for the updated status to reflect in the dashboard.