Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN CONCENTRATOR to ASA with NEW ISP + 26 Remote 871R

Looking to confirm my upgrade process.

1) VPN Concentrator to ASA 5520-Bun: I don't really have a question on this one.

2) The 26 Remote (using-local-ISP's) PtP VPN sites need four things changed to make the connection to the future ASA 5520 for PtP VPN:

i) crypto isakmp key address <NEW OUTSIDE ISP IP>

ii) crypto map / match address xyzdomian.vpn (DNS correctly changed to resolve to new ISP IP)

iii) "internet-in" ACL need to permit permit tcp 29x.1x3.18x.34 any eq 443

permit tcp 29x.1x3.18x.34 any eq 22

iv) "ACL 2" (SNMP and SSH) add new NAT Address of mgmt server(s)

My Plan:

Build the new configuration and save it as startup-config, tftp it to the first 871 R, and reload it.

If you see difficulties in this process please let me know, and/or provide addtional suggestions, or safer steps.


Re: VPN CONCENTRATOR to ASA with NEW ISP + 26 Remote 871R

Check if configuration files from ASA can be TFTPed to 871 since I doubt the file format compatibility between ASA and 871. If it works its fine. If it doesnt configure it on a single 871 and TFTP it to other 871 routers.