My current setup has an ASA and a VPN3k with a public IP in the DMZ. I've successfully tested using the ASA to terminate VPN connections and am planning on how best to retire the VPN3k.
Here is an example using private range IPs to represent the public IPs:
VPN3k IP - 192.168.100.1
ASA outside interface IP - 192.168.0.1
As a temporary measure could I re-direct traffic bound for the VPN3k's public IP to to the ASA's outside interface IP so that the ASA will then terminate the VPN connections? I realize I'll have to re-create the groups on the VPN3k to tunnel groups on the ASA. I'm thinking something like this:
static (DMZ,outside) interface 192.168.100.1 netmask 255.255.255.255
Will this work?