Tuesday, 12 November 2019

Firepower VPN Filter via Flexconfig


The following information is provided as is, with no guarantee that it works, and support will not be provided! Test in a lab before deploying in production.

If you don't know what you're doing, hire a trained engineer!



VPN filter for site-to-site VPN is not supported from the GUI in Firepower; see CSCvj86972.


You have to create a new group policy and attach it to the tunnel-group.
Create your VPN configuration and save it.

Assuming that Remote VPN peer IP = 10.10.10.10

Do the following:


1) Under Objects, create an extended access list named VPN_FILTER to be used as the VPN filter; this ACL is your actual VPN filter and will be attached to your VPN tunnel.



2) On the same page, under FlexConfig -> Text Object, create a new text object for your tunnel-group IP (step 5 refers to it as "TUNNEL_GROUP") with type Single and assign it the value 10.10.10.10 (replace with your peer IP).


3) Under FlexConfig Object, create a new FlexConfig object (step 7 refers to it as FLEX_VPN_FILTER) with Deployment: "Everytime" and Type: "Append".


4) Insert Policy Object -> Extended ACL Object and choose the ACL you created.



5) Insert Policy Object -> Text Object and choose the previously created "TUNNEL_GROUP" text object.


6) Copy and paste the following into the FlexConfig window.
    Note: adjust any VPN attributes here except the vpn-filter value. FlexConfig expands a variable as $<object name>, so the $VPN_ACL and $VPN_TUNNEL variables below must match the names of the objects you inserted in steps 4 and 5, or the deployment will fail.

group-policy VPN_FILTER_POL internal
group-policy VPN_FILTER_POL attributes
 vpn-idle-timeout 30
 vpn-idle-timeout alert-interval 1
 vpn-session-timeout none
 vpn-session-timeout alert-interval 1
 vpn-filter value $VPN_ACL
 vpn-tunnel-protocol ikev1 ikev2

tunnel-group $VPN_TUNNEL general-attributes
 default-group-policy VPN_FILTER_POL

Your config should look like this






7) Now attach the configured FlexConfig object to the FlexConfig policy for the specific device under Devices -> FlexConfig (if you don't have a policy, create a new one, assign it to the proper device and insert the FLEX_VPN_FILTER object found under the user-defined objects).


8) Save and deploy!
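As an added example (not part of the original post or of any Cisco tooling), a small Python check for the procedure above: it lists every $variable the FlexConfig text references, reports any that have no inserted object of that name, and renders the configuration that would be pushed to the device. The template, the object names and the peer IP 10.10.10.10 are taken from the post; the script and the `objects` mapping are assumptions.

```python
import re

# FlexConfig text from step 6 (variables are referenced as $<object name>).
FLEXCONFIG_TEMPLATE = """group-policy VPN_FILTER_POL internal
group-policy VPN_FILTER_POL attributes
 vpn-idle-timeout 30
 vpn-idle-timeout alert-interval 1
 vpn-session-timeout none
 vpn-session-timeout alert-interval 1
 vpn-filter value $VPN_ACL
 vpn-tunnel-protocol ikev1 ikev2

tunnel-group $VPN_TUNNEL general-attributes
 default-group-policy VPN_FILTER_POL
"""

VAR_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def referenced_variables(template):
    """Return the set of $variable names used in the FlexConfig text."""
    return set(VAR_RE.findall(template))


def check_variables(template, objects):
    """Return (sorted) variable names with no matching inserted object.

    `objects` maps the name of each inserted policy/text object to the value
    FlexConfig substitutes: the ACL name for an Extended ACL object, the
    single value for a text object.
    """
    return sorted(referenced_variables(template) - set(objects))


def render(template, objects):
    """Substitute every $variable, refusing to render if any is unresolved
    so that a naming mismatch is caught before Save and Deploy."""
    missing = check_variables(template, objects)
    if missing:
        raise ValueError(f"unresolved FlexConfig variables: {missing}")
    return VAR_RE.sub(lambda m: objects[m.group(1)], template)


if __name__ == "__main__":
    # Objects named exactly as in the post's steps 1 and 2 do NOT match the
    # $VPN_ACL / $VPN_TUNNEL variables of step 6; the check reports both.
    print(check_variables(FLEXCONFIG_TEMPLATE,
                          {"VPN_FILTER": "VPN_FILTER", "TUNNEL_GROUP": "10.10.10.10"}))
    # With the inserted objects named after the variables, rendering succeeds.
    print(render(FLEXCONFIG_TEMPLATE, {"VPN_ACL": "VPN_FILTER", "VPN_TUNNEL": "10.10.10.10"}))
```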