10-08-2019 09:00 AM - edited 02-21-2020 09:45 PM
Hi
We have an ASA with multiple IPSEC VPNs to 3rd parties. We have now had a new public IP range presented on a new circuit which I have plugged into another interface on the ASA and configured this as Outside2.
Now I am looking to migrate the VPNs over to the new range one by one as I don't have access to the other end and will have to get the 3rd parties involved.
So in terms of routing, as I reconfigure the VPN for the new range which will use the new interface, do I need a static route for the peer IP out of the new gateway, and do I also need to point the internal IPs for the encryption domain out of the new interface?
ie if the remote ip range is 10.10.10.0/24, do I need a static route for that also with the next hop of the new gateway?
TIA
Solved! Go to Solution.
10-08-2019 09:21 AM
10-08-2019 02:46 PM
You will need a static route for both the public IP and the private IP. These can ofcourse be removed once all VPNs are moved over to the new interface and the old interface is ready to be taken down.
10-08-2019 09:21 AM
10-08-2019 02:46 PM
You will need a static route for both the public IP and the private IP. These can ofcourse be removed once all VPNs are moved over to the new interface and the old interface is ready to be taken down.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide