cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1720
Views
0
Helpful
4
Replies

ASA best-practise for ASA remote-access import into CSM

r.spiandorello
Level 1
Level 1

Hi, I need to import a running ASA 8.2.1 remote-access vpn (IPSEC and svc) configuration into CSM 3.3sp1 without service impact.

During the last import and deployment test, I noted a lot of variation mada by CSM and service stop due to ip pool name mismatch.

How can I prepare the ASA configuration to avoid problems ?

thanks

rs

4 Replies 4

r.spiandorello
Level 1
Level 1

Hi, during the first deployment from CSM to the vpn ASA, I see many address pool with a changed name and the group policies are not updated with the same address pool name.

Also some group policy have changed names.

thanks

rs

Hi, I have found that in CSM-remote access-vpn-group-policy, there's no reference to IP pools while in ASA for each group-policy I use an "address-pools value ".

How to solve ?

thank you

rs

Hi, now I'm going to repeat the ASA VPN 8.2(4) import into CSM 4.2 sp1.

Do you have suggests ?

I have removed ip pools from tunnel-groups and I'm looking for any things to let CSM ASA import and management easy.

thanks

rs

Hi, I've imported the ASA 8.2(4) into CSM and the major issue is related to remote-access address-pools command in group-policy: it seems CSM doesn't support that command.

CSM asks to insert address pools in tunnel-group (connection profiles) and it wants to removes ip local pools too.

So what's the best solution for IP pools ?

Ip Pools configured only in tunnel-group and using objects in place of ip local pools ?

thanks

rs

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: