
Juniper SRX to Cisco ASA IPSEC VPN MIGRATION

Hello

Currently I am working on a migration project, where I need to migrate Juniper SRX to Cisco ASA.

I am stuck in the middle of this project, while converting the IPsec VPN.

Please find the details below:

1. The Juniper has route-based and policy-based VPNs configured. The route-based VPNs are based on a tunnel interface, and the destination networks point towards the ST0 tunnel interface. A VPN zone is configured and used in the security policies.

2. I am facing problems mostly with the policy-based VPNs, because the client has two links:

ISP1

ISP2

Three policy-based VPNs are configured with interesting traffic, and the VPN is applied on ISP1, but the destination networks point to a different interface. As per discussion with the customer, they have another MPLS link, which the traffic is going through. They have redundancy between MPLS and VPN: when the MPLS link is down, traffic will go through the VPN. Two VPNs point towards one interface and the third VPN points towards the second interface.

They have also configured RPM and IP monitoring, where they do an ICMP ping to the peer IP through ISP 1; when it is down, it will go through ISP 2.

Security policies are present on the Juniper for both VPN and MPLS.

3. Overall, they have ISP redundancy for two VPNs and also redundancy between MPLS and VPN. Therefore they have configured policies for both. But for the specific routes (destination network) + interesting traffic for the VPN, the next hop is the router where the MPLS link is terminated, but the VPNs are applied on ISP 1.

######

Cisco ASA:

1. I am not getting how to accommodate this on the Cisco ASA, because the first thing about route-based VPN is that I cannot configure a tunnel interface. I replaced the next hop according to where the VPN is applied. How do I identify interesting traffic for a route-based VPN?

2. How do I configure the ASA in such a way that ISP redundancy is applied, and configure the Cisco ASA for MPLS and VPN redundancy?

3. I can configure IP SLA for monitoring, but I am not getting which IP I should track on which interface, and the backup routes with the backup interface.

4. Is policy-based routing supported in Cisco ASA 9.5? Can PBR solve my problem?

5. How does policy-based VPN work? Does it use the default route for the VPN tunnel?

Please help me out, if anyone has encountered the same.

Thanks

Shubham
