Re: Site to site VPN- ASA to Juniper

anilkumar.cisco · ‎07-21-2021

Hello Team,

Can we create site to site tunnel without interesting traffic..

What do you mean by VPN will be up.. and later on we will divert the traffic.

How VPN will come up without traffic.. I am little bit confuse.

We are creating site to site tunnel between Cisco ASA 9.12(4) in firepower 4100 series with remote end Juniper device.

Pawan Raut · ‎07-21-2021

Encryption domain has to present to complete VPN setup also from ASA side you can do the packet tracer and bring the VPN up without actual traffic.

please rate for helpful post

anilkumar.cisco · ‎07-21-2021

Thanks Pawan for your response..

Actually we are upgrading our existing VPN from IKEv1 to IKEV2 version with new remote IP address.

Here encryption domain is same in old VPN and also in new VPN. for both our side and remote site firewall as well.

we don't want to disturb the existing VPN traffic but at the same time would like to up new VPN Site to site tunnel as well

Now the customer is saying,

do the configuration in two stage

in first stage , pls make VPN up and 2nd stage (later on) , divert the traffic.

So I am confuse here.. because my encryption domain will be same.. how i will test the new VPN without interesting traffic.

Pawan Raut · ‎07-21-2021

You can use dummy IPs in encryption domain while creating new vpn at both end to bring the new VPN up and later during cutover can replace with actual encryption domain.

but wondering are you guys using different peer IP for ikev2 vpn?

anilkumar.cisco · ‎07-21-2021

Yes, remote peer IP is different.. my side source will be remain same

I am wondering.. how with dummy IP the tunnel will come up??

Pls advise.