Looking to confirm my upgrade process.
1) VPN Concentrator to ASA 5520-Bun: I don't really have a question on this one.
2) The 26 Remote (using-local-ISP's) PtP VPN sites need four things changed to make the connection to the future ASA 5520 for PtP VPN:
i) crypto isakmp key address <NEW OUTSIDE ISP IP>
ii) crypto map / match address xyzdomian.vpn (DNS correctly changed to resolve to new ISP IP)
iii) "internet-in" ACL need to permit permit tcp 29x.1x3.18x.34 0.0.0.31 any eq 443
permit tcp 29x.1x3.18x.34 0.0.0.31 any eq 22
iv) "ACL 2" (SNMP and SSH) add new NAT Address of mgmt server(s)
My Plan:
Build the new configuration and save it as startup-config, tftp it to the first 871 R, and reload it.
If you see difficulties in this process please let me know, and/or provide addtional suggestions, or safer steps.