Beginner

Decommission VPN site

Hi there,

We have a site-to-site VPN (provisioned on both ASA HA active/standby on each site) between our HQ and one remote branch site. In two weeks' time, we will close that branch and commission the ASA HA firewall on that site. My question is: are there any particular (best practice) steps that I need to take into consideration with regard to the existing configuration of the site-2-site VPN on the HQ's ASA firewall?

Thanks 

2 REPLIES
Hall of Fame Guru

There would normally be a crypto map (which refers to an ACL defining interesting traffic), a NAT exemption rule and a definition for the peer. You should remove all of those configuration components on the HQ ASA.

Be sure to take a backup before and after to ensure you have a known good configuration to revert to in the event that you inadvertently remove something you shouldn't have. You can also compare them side by side (use something like ExamDiff) to confirm your work.

VIP Expert

Is your side an HQ hub type setup or only point to point? You need to find out.

If you have many tunnels terminating at HQ on the same ASA, then you need to be sure you are removing the config related to that site.

1. turn off far end

2. remove ACL

3. remove tunnel config


BB


*** Rate All Helpful Responses ***
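
The cleanup described in both replies, as an added Python example that is not from either poster: it lists the lines of an HQ ASA backup that belong to one peer (crypto map entries, their ACL, the NAT exemption, the tunnel-group) and compares the before and after backups. The configs, peer addresses and object names are constructed; it assumes the crypto ACL references network objects and each crypto map entry sets a single peer.

```python
import re
from collections import Counter

# Constructed sample (not from the thread): HQ ASA terminating two tunnels.
BEFORE = """\
access-list VPN_BRANCH extended permit ip object HQ_NET object BRANCH_NET
access-list VPN_DC extended permit ip object HQ_NET object DC_NET
nat (inside,outside) source static HQ_NET HQ_NET destination static BRANCH_NET BRANCH_NET no-proxy-arp route-lookup
nat (inside,outside) source static HQ_NET HQ_NET destination static DC_NET DC_NET no-proxy-arp route-lookup
crypto map OUTSIDE_MAP 10 match address VPN_BRANCH
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 20 match address VPN_DC
crypto map OUTSIDE_MAP 20 set peer 198.51.100.20
crypto map OUTSIDE_MAP interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
 ikev1 pre-shared-key *****
"""

def peer_lines(config, peer):
    """Lines of an ASA config that belong to one site-to-site peer."""
    lines = config.splitlines()
    def grab(pattern, keep=lambda m: True):
        return {m.groups() for l in lines if (m := re.match(pattern, l)) and keep(m)}
    seqs = grab(rf"crypto map (\S+) (\d+) set peer {re.escape(peer)}$")
    acls = {g[2] for g in grab(r"crypto map (\S+) (\d+) match address (\S+)$",
                               lambda m: m.groups()[:2] in seqs)}
    remotes = {g[1] for g in grab(r"access-list (\S+) .* object (\S+)$",
                                  lambda m: m.group(1) in acls)}
    heads = ([f"crypto map {n} {s} " for n, s in seqs]
             + [f"access-list {a} " for a in acls] + [f"tunnel-group {peer} "])
    found, hit = [], False
    for l in lines:
        if not l.startswith(" "):  # indented sub-commands inherit the parent's verdict
            hit = l.startswith(tuple(heads)) or (l.startswith("nat ") and any(
                f"destination static {r} {r}" in l for r in remotes))
        if hit:
            found.append(l)
    return found

def audit(before, after, peer):
    """Diff two backups: peer lines still present, and other lines that vanished."""
    expected = Counter(peer_lines(before, peer))
    removed = Counter(before.splitlines()) - Counter(after.splitlines())
    return {"leftover": sorted((expected - removed).elements()),
            "unexpected": sorted((removed - expected).elements())}
```

An empty `leftover` and an empty `unexpected` mean only the decommissioned peer's configuration was removed; the shared `crypto map ... interface` binding is never listed for removal because the other tunnel still needs it.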
