Link to home
Start Free TrialLog in
Avatar of mtryka
mtryka

asked on

best way to reconfigure ASA 5505 for new Static IP that has VPN's configured

Hi Experts.  Working with a mid size company (3 VPN sites) that is in a process of switching ISP vendors(each site) They are using Cisco ASA 5505 on each end.  One site has a frame relay that will be transfered to VPN. What would be the best way to reconfigure routers for the new ISP.
Avatar of MikeKane
MikeKane
Flag of United States of America image
No easy way to do this....   It's going to be a hard cutover.   Will you have modem access to the firewall console or some other secondary connection?   Will there be a competent person on the far end?   If not, then you need to build the code and quadruple check it before deploying to the remote ASAs.    

Remote's 1st, update the peer address.  Don't write mem.  
Then local, update peer addresses.  

Then the long wait until the tunnels rebuild.  

If everything comes up, write mem.   If not, then a asa reboot gets you back to the original config for another attempt.  

I've done a few IP changes with no secondary access and its the longest 90 seconds you can experience until the devices come back up....  
Avatar of mtryka
mtryka

ASKER

All sites\buildings have system that i can logmein to (remotely access ASA console) if that helps.
Avatar of MikeKane
MikeKane
Flag of United States of America image
Sure does take the pressure off.   If something is messed up in the ASA config, you aren't cut off from the console or the ssh....  
Avatar of mtryka
mtryka

ASKER

If posting ASA Configs would help i would be willing to.  Let me know if that helps.  
ASKER CERTIFIED SOLUTION
Avatar of MikeKane
MikeKane
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial