ASA best-practise for ASA remote-access import into CSM

Unanswered Question
Dec 16th, 2009

Hi, I need to import a running ASA 8.2.1 remote-access vpn (IPSEC and svc) configuration into CSM 3.3sp1 without service impact.

During the last import and deployment test, I noted a lot of variation mada by CSM and service stop due to ip pool name mismatch.

How can I prepare the ASA configuration to avoid problems ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
r.spiandorello Thu, 04/08/2010 - 12:39

Hi, during the first deployment from CSM to the vpn ASA, I see many address pool with a changed name and the group policies are not updated with the same address pool name.

Also some group policy have changed names.



r.spiandorello Fri, 04/09/2010 - 07:00

Hi, I have found that in CSM-remote access-vpn-group-policy, there's no reference to IP pools while in ASA for each group-policy I use an "address-pools value ".

How to solve ?

thank you


r.spiandorello Fri, 04/27/2012 - 07:14

Hi, now I'm going to repeat the ASA VPN 8.2(4) import into CSM 4.2 sp1.

Do you have suggests ?

I have removed ip pools from tunnel-groups and I'm looking for any things to let CSM ASA import and management easy.



r.spiandorello Thu, 05/03/2012 - 03:46

Hi, I've imported the ASA 8.2(4) into CSM and the major issue is related to remote-access address-pools command in group-policy: it seems CSM doesn't support that command.

CSM asks to insert address pools in tunnel-group (connection profiles) and it wants to removes ip local pools too.

So what's the best solution for IP pools ?

Ip Pools configured only in tunnel-group and using objects in place of ip local pools ?




This Discussion

Related Content