Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1110
Views
0
Helpful
1
Replies

Moving VPN's From One Site To Another

Dave Christman
Level 1
Level 1

‎03-13-2013 07:19 AM

Hello, I am in the process of moving remote access VPN's from one data center to another.  The public IP address is different in the other data center.  I am moving from one Cisco ASA to another Cisco ASA so devices are the same.  The types of RA VPN's are IPSEC, anyconnect, and SSL portal VPN's.  What would be the best way to do this?  Eventually the site where current VPN's are being moved from will have a different ISP, so we will lose IP address current IP address space there, and no more VPN's will be used there.

Labels:
0 Helpful
1 Reply 1

stojanr
Level 1
Level 1

‎03-13-2013 09:34 AM

Are your clients using a hostname or an IP address when establishing VPN connections? If it's a hostname, then you can just update the DNS record to point to the new address and you're done.

If it's an IP address, then you need to tell your clients to connect to the new endpoint. Both IPsec and Anyconnect clients support configuration of fallback/secondary addresses for clients to connect to if the primary VPN gateway is down: for the IPsec client, you need to modify the profile on each client and with Anyconnect, you can just push the new profile on clients' next connection.

For the ssl portal users, there is no easy way to switch if connecting to the ip address - you can modify their portal page to notify them about the migration for example.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents