03-12-2014 06:42 AM
Hi,
Is there any way to migrate an existing sites (vpn ) to a new ASA.
We have more than 50 offices connected to our main office, we have installed a new ASA firewall with a bigger pipe.
I need a way to migrate the offices that saves time (going to each and every office) and money (buying a new router and send it with the new config).
I was thinking of adding a new peer adress and kill the preshared key on the old VPN.
can some one please help me.
Solved! Go to Solution.
03-12-2014 08:10 AM
Yes.
I would do the following if I were tasked with this project.
That should be it. Thanks.
03-12-2014 08:10 AM
Yes.
I would do the following if I were tasked with this project.
That should be it. Thanks.
03-13-2014 02:34 AM
Thank you for your help.
What you have mentined is the right way to do it, but what i need to do is like a failover plan, a crypto map with two peer address. by the way, the remote site is not an ASA, i have 800 router.
My question is : Can you create one creypto map with two peer address, if yes .
what i will do is the follwing ;
1- create the crypto map with two peer address.
2- change the preshared ket on the tunnel group on the main ASA (which mean the vpn will go down ) so it will jump to the second peer (which i have already configured on the second main ASA that i have recently implemented.
3- change the route on the core switch
The idea is not to have any down time at all.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: