Is there any way to migrate existing sites (VPN) to a new ASA?
We have more than 50 offices connected to our main office, and we have installed a new ASA firewall with a bigger pipe.
I need a way to migrate the offices that saves time (going to each and every office) and money (buying a new router and sending it with the new config).
I was thinking of adding a new peer address and killing the preshared key on the old VPN.
Can someone please help me?
I would do the following if I were tasked with this project.
- Configure the new ASA with all of the tunnel-groups for the remote peers and the rest of the VPN configuration (crypto maps, ACLs, NAT, etc.).
- Log in to the remote ASAs via the outside interface. Most organizations allow SSH/HTTPS to their firewalls from specific management IPs at the main site.
- Create a tunnel-group for the peer IP of the new ASA.
- Change the existing crypto map peer IP to point to the new IP address.
- On your network routing core at the main site, change/add an IP route for the remote site local subnets to point to the inside interface of the new ASA so all of your local networks can properly reach the remote sites.
That should be it. Thanks.
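For 50+ offices, the tunnel-group and crypto map steps above can be generated per site from an inventory instead of typed by hand. The script below is an added example, not part of the original posts; it assumes IKEv1 pre-shared-key syntax as used on ASA 8.4 and later, and the peer IPs (documentation ranges), crypto map names and sequence numbers are constructed placeholders. The old peer is removed explicitly rather than relying on `set peer` to overwrite it, and the key is emitted as `<PSK>` so no secret ends up in the generated files.

```python
import ipaddress

# Constructed inventory: peer IPs use documentation ranges, and the crypto map
# name and sequence numbers are placeholders for whatever each remote ASA uses.
OLD_HUB = "192.0.2.1"
NEW_HUB = "198.51.100.1"
SITES = [
    {"name": "office-01", "peer": "203.0.113.11", "map": "outside_map", "seq": 10},
    {"name": "office-02", "peer": "203.0.113.12", "map": "outside_map", "seq": 20},
]


def _ip(value):
    """Return the normalized address, raising ValueError on a bad entry."""
    return str(ipaddress.ip_address(value))


def remote_commands(site, old_hub=OLD_HUB, new_hub=NEW_HUB):
    """Commands for one remote ASA: new tunnel-group, then repoint the peer."""
    old_hub, new_hub = _ip(old_hub), _ip(new_hub)
    if old_hub == new_hub:
        raise ValueError("new hub peer must differ from the old one")
    cm = f"crypto map {site['map']} {int(site['seq'])}"
    return [
        f"tunnel-group {new_hub} type ipsec-l2l",
        f"tunnel-group {new_hub} ipsec-attributes",
        " ikev1 pre-shared-key <PSK>",  # placeholder: key is entered by hand
        f"no {cm} set peer {old_hub}",
        f"{cm} set peer {new_hub}",
    ]


def hub_commands(sites):
    """Tunnel-groups for every remote peer on the new main-site ASA."""
    lines = []
    for site in sites:
        peer = _ip(site["peer"])
        lines += [
            f"tunnel-group {peer} type ipsec-l2l",
            f"tunnel-group {peer} ipsec-attributes",
            " ikev1 pre-shared-key <PSK>",
        ]
    return lines


if __name__ == "__main__":
    print("\n".join(hub_commands(SITES)))
    for s in SITES:
        print(f"! {s['name']}")
        print("\n".join(remote_commands(s)))
```

The crypto maps, ACLs and NAT on the new ASA and the core route change from the last step are not generated here.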