[c-nsp] ASA VPN migration

Garry gkg at gmx.de
Sat Feb 5 00:45:54 EST 2011


Hi,

I have a customer ASA which needs to migrate VPNs from one network IP to
another. In order to keep outages down to a minimum, VPNs are to be
migrated one by one. I was wondering if this is at all possible ... to
start off with, I'd have to set up a second outside interface (which in
itself works, tagging it on another VLAN, and setting up the router with
another VLAN link). But with no PBR available, I'm not sure if the
routing to the outside will even work correctly ... and even if that
does work, would the ASA even be able to source VPNs from multiple IP
addresses...

So, should I just ditch the whole idea and tell the customer to just get
the remote sites organized so they can be migrated in a batch? (which
would be my intent to start off with)

-gg


More information about the cisco-nsp mailing list