VPN CONCENTRATOR to ASA with NEW ISP + 26 Remote 871R

Unanswered Question
Feb 2nd, 2008
User Badges:

Looking to confirm my upgrade process.

1) VPN Concentrator to ASA 5520-Bun: I don't really have a question on this one.

2) The 26 Remote (using-local-ISP's) PtP VPN sites need four things changed to make the connection to the future ASA 5520 for PtP VPN:

i) crypto isakmp key address <NEW OUTSIDE ISP IP>

ii) crypto map / match address xyzdomian.vpn (DNS correctly changed to resolve to new ISP IP)

iii) "internet-in" ACL need to permit permit tcp 29x.1x3.18x.34 0.0.0.31 any eq 443

permit tcp 29x.1x3.18x.34 0.0.0.31 any eq 22

iv) "ACL 2" (SNMP and SSH) add new NAT Address of mgmt server(s)


My Plan:

Build the new configuration and save it as startup-config, tftp it to the first 871 R, and reload it.


If you see difficulties in this process please let me know, and/or provide addtional suggestions, or safer steps.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Thu, 02/07/2008 - 15:17
User Badges:

Check if configuration files from ASA can be TFTPed to 871 since I doubt the file format compatibility between ASA and 871. If it works its fine. If it doesnt configure it on a single 871 and TFTP it to other 871 routers.

Actions

This Discussion