Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
5
Helpful
3
Replies

Testing Anyconnect ASA

Go to solution
Boats
Level 1
Level 1

‎03-09-2020 07:55 AM - edited ‎03-09-2020 07:55 AM

Hi,

 

I need to replace the current Anyconnect ASA's we have in our DC's. They are newer models with different interface numbering so i can't just do a complete backup and restore from ASDM. I have instead manually copied the running config and changed the interfaces and then just restored all the certs, xml etc. This is my first attempt at replacing Anyconnect ASA's so i'm concerned if this will work correctly. What would be the best way to test/verify the VPN is working before putting it into production?

 

Thanks,

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-09-2020 08:39 PM

Hi

If you imported back all certificates (usually you have 1 public cert) and xml files (profiles, customization anyconnect), the rest is pure config.
The interface can change but the nameif will be identical which means your nat and webvpn will be ok if you've pasted it from previous device.
To test it, you can connect the outside interface of your new device to your lan, change the public ip to a lan private ip and try to connect using your anyconnect client but typing in the new private ip. Is that clear?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-09-2020 08:39 PM

Hi

If you imported back all certificates (usually you have 1 public cert) and xml files (profiles, customization anyconnect), the rest is pure config.
The interface can change but the nameif will be identical which means your nat and webvpn will be ok if you've pasted it from previous device.
To test it, you can connect the outside interface of your new device to your lan, change the public ip to a lan private ip and try to connect using your anyconnect client but typing in the new private ip. Is that clear?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
Boats
Level 1
Level 1
In response to Francesco Molino

‎03-11-2020 02:22 AM

Yeah that's perfect.

 

Thanks Francesco.

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Boats

‎03-11-2020 09:03 PM

You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents