Solved

Best way to reconfigure ASA 5505 for new static IP that has VPNs configured

Posted on 2009-05-19
Last Modified: 2013-12-14
Hi Experts. Working with a mid-size company (3 VPN sites) that is in the process of switching ISP vendors (each site). They are using a Cisco ASA 5505 on each end. One site has a frame relay that will be transferred to VPN. What would be the best way to reconfigure the routers for the new ISP?
Question by:mtryka
5 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 24422261
No easy way to do this... It's going to be a hard cutover. Will you have modem access to the firewall console or some other secondary connection? Will there be a competent person on the far end? If not, then you need to build the code and quadruple check it before deploying to the remote ASAs.

Remotes 1st, update the peer address. Don't write mem.
Then local, update peer addresses.

Then the long wait until the tunnels rebuild.

If everything comes up, write mem. If not, then an ASA reboot gets you back to the original config for another attempt.

I've done a few IP changes with no secondary access and it's the longest 90 seconds you can experience until the devices come back up...
0
 

Author Comment

by:mtryka
ID: 24425487
All sites\buildings have a system that I can LogMeIn to (remotely access the ASA console) if that helps.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 24426672
Sure does take the pressure off. If something is messed up in the ASA config, you aren't cut off from the console or the ssh...
0
 

Author Comment

by:mtryka
ID: 24426699
If posting ASA configs would help, I would be willing to. Let me know if that helps.
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 125 total points
ID: 24432047
Go ahead and post... but the only thing you really need to do is change the IP address on the outside interface to match the new scheme and then change the peer addresses on each endpoint to match the new HQ outside IP.

If you have remote access to each console port on all endpoints, then it's easy.

0
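
The cutover sequence described in the answers above, written out for a single remote site as an added example (not posted by anyone in the thread). All addresses are documentation placeholders, and the crypto map name and sequence number, the outside VLAN, and the pre-shared key placeholder are assumptions to be replaced with the values from the device's own running config.

```cisco
! Constructed example for ONE remote ASA 5505 (added here, not from the thread).
! Assumptions: documentation addresses only; crypto map "outside_map" seq 1 and
! Vlan2 as outside are guesses. Confirm with "show run crypto map" / "show run interface".
!   HQ peer:       192.0.2.10 -> 198.51.100.10
!   local outside: 192.0.2.50 -> 203.0.113.50/29, new gateway 203.0.113.49

! Safety net: nothing below is saved, so a reload returns to the startup-config.
! Scheduled before any change; allow enough time for the HQ side to be updated too.
reload in 30

configure terminal

! L2L tunnel-groups are named after the peer IP, so the new HQ address needs its own.
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 pre-shared-key <EXISTING-PSK>
exit

! Point the crypto map entry at the new HQ address, then drop the old peer.
crypto map outside_map 1 set peer 198.51.100.10
no crypto map outside_map 1 set peer 192.0.2.10

! Move the outside interface and default route to the new ISP last.
interface Vlan2
 ip address 203.0.113.50 255.255.255.248
exit
no route outside 0.0.0.0 0.0.0.0 192.0.2.49 1
route outside 0.0.0.0 0.0.0.0 203.0.113.49 1
end

! Once HQ has its matching peer change: phase 1 should show MM_ACTIVE for the new peer.
show crypto isakmp sa
show crypto ipsec sa peer 198.51.100.10

! Tunnel up: cancel the reload, remove the stale tunnel-group and its key, then save.
reload cancel
configure terminal
clear configure tunnel-group 192.0.2.10
end
write memory
```

HQ needs the mirror-image change for each remote peer. Before saving, `show running-config | include 192.0.2.` (with the real old prefix) shows any remaining references to the old addresses, such as management access rules.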
