07-21-2021 06:04 AM - edited 07-21-2021 06:55 AM
Hello Team,
Can we create a site-to-site tunnel without interesting traffic?
What do you mean by "the VPN will be up, and later on we will divert the traffic"?
How will the VPN come up without traffic? I am a little bit confused.
We are creating a site-to-site tunnel between a Cisco ASA 9.12(4) on a Firepower 4100 series and a remote-end Juniper device.
07-21-2021 06:22 AM
The encryption domain has to be present to complete the VPN setup. Also, from the ASA side you can run packet tracer and bring the VPN up without actual traffic.
Please rate helpful posts.
07-21-2021 06:53 AM
Thanks, Pawan, for your response.
Actually, we are upgrading our existing VPN from IKEv1 to IKEv2 with a new remote IP address.
Here the encryption domain is the same in the old VPN and in the new VPN, for both our side and the remote site firewall as well.
We don't want to disturb the existing VPN traffic, but at the same time we would like to bring up the new site-to-site VPN tunnel as well.
Now the customer is saying:
do the configuration in two stages.
In the first stage, please bring the VPN up, and in the second stage (later on), divert the traffic.
So I am confused here, because my encryption domain will be the same. How will I test the new VPN without interesting traffic?
07-21-2021 07:21 AM
You can use dummy IPs in the encryption domain while creating the new VPN at both ends to bring the new VPN up, and later, during cutover, replace them with the actual encryption domain.
But I am wondering, are you guys using a different peer IP for the IKEv2 VPN?
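A sketch of the staged approach described in the reply above, added here as an example and not taken from any poster's configuration. All names and addresses are assumptions: the networks and peer use documentation ranges, `inside`/`outside` are assumed interface names, `OUTSIDE_MAP` stands for the crypto map already applied to the outside interface, and the sequence and policy numbers are assumed to be unused.

```cisco
! Stage 1: new IKEv2 tunnel on placeholder ("dummy") networks only.
! Constructed values: local 192.0.2.0/24, remote 198.51.100.0/24, peer 203.0.113.10.
access-list VPN-NEW-IKEV2 extended permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
!
! Policy number 10 is assumed not to be in use already.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
!
crypto ipsec ikev2 ipsec-proposal NEW-PROP
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! OUTSIDE_MAP is a placeholder for the crypto map already bound to the outside
! interface; a new sequence number (20 assumed free) leaves the IKEv1 entry untouched.
crypto map OUTSIDE_MAP 20 match address VPN-NEW-IKEV2
crypto map OUTSIDE_MAP 20 set peer 203.0.113.10
crypto map OUTSIDE_MAP 20 set ikev2 ipsec-proposal NEW-PROP
!
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK-PLACEHOLDER>
 ikev2 local-authentication pre-shared-key <PSK-PLACEHOLDER>
!
crypto ikev2 enable outside
!
! Simulate interesting traffic from a placeholder source; no real host is needed.
! The first run usually shows a drop in the VPN phase while the SA negotiates,
! so run it a second time before judging the result.
packet-tracer input inside icmp 192.0.2.10 8 0 198.51.100.10 detailed
!
! Verify the new tunnel formed with the new peer.
show crypto ikev2 sa
show crypto ipsec sa peer 203.0.113.10
```

The remote device needs the mirrored placeholder selectors and matching proposals for the SA to form. If NAT applies between the inside and outside interfaces, the placeholder networks need the same NAT exemption as any other encryption domain.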
07-21-2021 08:46 AM
Yes, the remote peer IP is different. My side's source will remain the same.
I am wondering, how will the tunnel come up with a dummy IP?
Please advise.