Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
1
Replies

VPN CONCENTRATOR to ASA with NEW ISP + 26 Remote 871R

mdreelan
Level 1
Level 1

‎02-02-2008 09:54 AM

Looking to confirm my upgrade process.

1) VPN Concentrator to ASA 5520-Bun: I don't really have a question on this one.

2) The 26 Remote (using-local-ISP's) PtP VPN sites need four things changed to make the connection to the future ASA 5520 for PtP VPN:

i) crypto isakmp key address <NEW OUTSIDE ISP IP>

ii) crypto map / match address xyzdomian.vpn (DNS correctly changed to resolve to new ISP IP)

iii) "internet-in" ACL need to permit permit tcp 29x.1x3.18x.34 0.0.0.31 any eq 443

permit tcp 29x.1x3.18x.34 0.0.0.31 any eq 22

iv) "ACL 2" (SNMP and SSH) add new NAT Address of mgmt server(s)

My Plan:

Build the new configuration and save it as startup-config, tftp it to the first 871 R, and reload it.

If you see difficulties in this process please let me know, and/or provide addtional suggestions, or safer steps.

Labels:
0 Helpful
1 Reply 1

Not applicable

‎02-07-2008 03:17 PM

Check if configuration files from ASA can be TFTPed to 871 since I doubt the file format compatibility between ASA and 871. If it works its fine. If it doesnt configure it on a single 871 and TFTP it to other 871 routers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents