Summary: I have a hub ASA with tunnels to multiple spoke sites. I have been tasked with migrating the tunnels to a new hub firewall in another datacenter. What is the best way to arrange the cutover?
Detail: In our old datacenter we have an ASA firewall acting as the hub for multiple spoke sites, all hosting their own ASAs. We are migrating this to an FTD NGFW in a new datacenter.
If possible, I would like to set up the migration in a structured way so that I establish the new tunnels concurrently with the old ones, and then cut over the tunnels one at a time with the option to fail back if there is a problem. In effect, there would be two different tunnels with different security settings between them, both with the same interesting traffic set, with the old tunnel having priority/being active until the cutover.
I'm having trouble finding documentation on how to set this up. Any advice?