Hi Everyone,

I just recently purchased 3 MX65 devices to replace Cisco ASAs, and I'm going to deploy them one at a time. Now, I'm going to start with the HQ and then deploy the other 2 at the BO's. 

With this Meraki MX65 I can set up the site-to-site VPN to connect with non-Meraki devices, and the person I replaced never had a copy of the PSK on any of the ASAs or at least he said he didn't. I was able to recover the PSK by issuing a more system:running-config. But this being my first time ever attempting this I'm worried if the MX65 can't establish a connection to the other two sites, and if I go and re-connect the old ASA back up will the tunnels re-establish themselves? Or would I have to do something to make that happen? 

I don't have access to any equipment to lab this up, but I did try it on Packet Tracer and it worked for me there. I'm just nervous being that this is a production network and not a lab environment, that the unexpected could happen, and I would like to be prepared for that.

Any advice would be greatly appreciated.

Thanks

Btw, when I ran a show crypto isakmp sa on all the ASAs no IKEv2 SAs were found, only IKEv1 SAs. The BO's IKE peer was only to the HQ and the HQ had a 2 peers, the BO's .