06-18-2007 12:23 PM - edited 03-11-2019 03:32 AM
I currently have an ASA5520 as my firewall and a 3005 VPN Concentrator in front of the firewall terminating VPN tunnels with a public peer address of say 1.2.3.4. The ASA 5520 also has a public IP address (say 1.2.3.6) in the same subnet as the public IP of the 3005 but on a separate physical interface on the ASA for direct access to the firewall for other Internet traffic.
We are wanting to consolidate the separate VPN and firewall functions into the ASA (getting rid of the 3005 and moving the VPN function to the ASA). The problem is we have a lot of customers using the 1.2.3.4 address (3005 public IP) to terminate their VPN tunnels. To have our customers all reconfigure their VPN tunnels would be a very large task.
So the question is can I have one physical ASA interface sharing multiple IP addresses--have 1.2.3.4 and 1.2.3.6 on the same physical interface (like a secondary IP but the peer VPN device would have to see the IP as 1.2.3.4)?
Thanks for the help.
06-18-2007 04:43 PM
Are the IP addresses hard coded or are you using DNS? You could start by migrating your users with a pcf file. (http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_administration_guide_chapter09186a00800bd98d.html)
Are your users on Active Directory?
Depending on how you do it you could script for the file to be downloaded through AD by OU or whatever method you use. This would migrate your users as you choose. Secondary IP won't be possible.
06-19-2007 09:55 AM
Thanks for the reply. I guess I wasn't specific enough on the VPN type. The VPN is a lan-to-lan VPN with our business partners using PSK. The peer address of the VPN on our end is hard coded as an IP address.