Re: VPN Clients migration to new public IP

bamnocadmin · ‎05-18-2009

Hello,

I'm looking for elegant solution to migrate VPN Clients to new public IP.

I have PIXs (public IP x.x.x.1) and Concentrator (x.x.x.2) to be replaced with ASA. All VPN Clients (~200 users) preconfigured with x.x.x.2.

What is the best way (minimum impact) to â€œcombineâ€ PIX and Concentrator in this case?

I see couple options here:

1. reconfig clients with new IP (manually or to push new config);

2. Config x.x.x.2 on ASA, but I do not think it's possible to have IPs from same network on different interfaces;

3. Is there â€œforward IP to IPâ€ option?

4. Have ASA and Concentrator running and to reconfig end users manually

5. Subnet public network.

What do you think?

Thanks,

S

Farrukh Haroon · ‎05-24-2009

First check if everything is working fine on the ASA, by testing it with 2-3 clients (preferably different OS like XP,Vista etc.)

I guess you don't want to change the configuration of the VPN clients (recommended), schedule a downtime and shift the IP from the VPNC to the ASA. If something goes wrong, just unplug the ASA and connect the VPNC back until you fix things :)

That said, its not so difficult to email/publish a new .pcf file for users. Just make sure your current VPN client version is compatible with the ASA:

http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html

Please rate if helpful

Regards

Farrukh

bamnocadmin · ‎05-27-2009

hello,

You said "shift the IP from the VPNC to the ASA". How do I assign, for example, 10.10.10.2 to ASA interface if I already have 10.10.10.1 on "outside"?

Thanks.

Farrukh Haroon · ‎05-27-2009

Can't you change it from 10.10.10.2 to 10.10.10.1?

Regards

Farrukh