Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
666
Views
0
Helpful
3
Replies

Migrating to new ISP.

forman102
Level 1
Level 1

‎01-03-2012 07:37 AM - edited ‎03-07-2019 04:08 AM

Hello everyone,

I currently have the following set up (excuse my quick drawing):

                                        --------------Vendors VPN Router----                                                           

                                        |    ------Cisco 3000 VPN------        |                                                                        

                                        |    |                                   |        |

                         Private Network-------ASA5510---------Pub Switch------Cisco Router 2x T1

                                                                                                                                                              

                                                                                         

I've been tasked with migrating to the new ISP, which provides us with Cisco ME-3400E switch and /26 public subnet. I currently have 15 static NATs and 14 L-2-L VPN tunnels configured in ASA. Is there a way to configure additional Outside int on ASA and use it to migrate the existing VPN tunnels and static NATs? I'm trying to avoid downtime and hope to do it step by step. I'm thinking about adding additional Public switch, so I can also migrate vendor's router and VPN concentrator, which need to be in parallel to ASA. Assuming that this is possible I'd would like to do the following:

1.Configure and connect additional Outside Interface on ASA - public IP address and ACLs

2.Connect it to additional "Public switch", which would be configured with public IP address and connected to new ISP's Cisco ME-3400E.

3.Migrate my VPN tunnels and static NATs.

4.Migrate vendors equipment/VPN concentrator

5.Update my global NAT pool

6.Shut down old ISP

Is this possible? Any help is greatly appreciated.

Thank you,

forman     

Labels:
0 Helpful
3 Replies 3

mvsheik123
Level 7
Level 7

‎01-03-2012 01:22 PM

Yes.This works. The steps you mentioned will work. Make sure to point any static routes on ASA to new outside (outside2) interface when moving the VPN tunnels. However, it is always recomended to make any production changes during the mainteanance window.

hth

MS

0 Helpful

forman102
Level 1
Level 1
In response to mvsheik123

‎01-05-2012 01:28 PM

So this is doable without one major cut-over/downtime? For instance, migrating one VPN tunnel at the time...Have you been involved in similar scenario?

0 Helpful

mvsheik123
Level 7
Level 7
In response to forman102

‎01-06-2012 10:16 AM

So this is doable without one major cut-over/downtime?

-->Yes but there is minor disruption involved when you change VPN peer IPs & routes.

Have you been involved in similar scenario?

I moved to new ISP in one Maintenenace window.

All the best.

Thx

MS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card