VPN Clients migration to new public IP

Unanswered Question
May 18th, 2009
User Badges:


I'm looking for elegant solution to migrate VPN Clients to new public IP.

I have PIXs (public IP x.x.x.1) and Concentrator (x.x.x.2) to be replaced with ASA. All VPN Clients (~200 users) preconfigured with x.x.x.2.

What is the best way (minimum impact) to “combine” PIX and Concentrator in this case?

I see couple options here:

1. reconfig clients with new IP (manually or to push new config);

2. Config x.x.x.2 on ASA, but I do not think it's possible to have IPs from same network on different interfaces;

3. Is there “forward IP to IP” option?

4. Have ASA and Concentrator running and to reconfig end users manually

5. Subnet public network.

What do you think?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Sun, 05/24/2009 - 05:56
User Badges:
  • Red, 2250 points or more

First check if everything is working fine on the ASA, by testing it with 2-3 clients (preferably different OS like XP,Vista etc.)

I guess you don't want to change the configuration of the VPN clients (recommended), schedule a downtime and shift the IP from the VPNC to the ASA. If something goes wrong, just unplug the ASA and connect the VPNC back until you fix things :)

That said, its not so difficult to email/publish a new .pcf file for users. Just make sure your current VPN client version is compatible with the ASA:


Please rate if helpful



bamnocadmin Wed, 05/27/2009 - 04:37
User Badges:


You said "shift the IP from the VPNC to the ASA". How do I assign, for example, to ASA interface if I already have on "outside"?


Farrukh Haroon Wed, 05/27/2009 - 05:17
User Badges:
  • Red, 2250 points or more

Can't you change it from to




This Discussion