Sunday, March 7, 2021

Cisco FTD Deployment - Remote Branch

Hi all,

My company currently has an HQ and a DC in different states (I work out of the HQ). They are connected via MPLS currently with a backup VPN tunnel. The HQ has a pair of 2130 FTDs managed through a physical FMC onsite, and the DC has a pair of ASA 5525s. The DC is our primary endpoint for client VPN as well. We're doing an equipment refresh at the DC that is long overdue, and the goal is to replace the DC ASAs with new FTD 2130s that will (for now) be managed by the FMC in our HQ until we can order another secondary FMC for the DC.

I guess my question is, what is the most painless way to preconfigure the new FTDs to make them as plug and play as possible at the DC once we install them? The DC FTDs are currently physically at our HQ, so I have access to them and can stage them as much as necessary (along with a couple new core switches) in one of our racks.

From the research I've done I was thinking of just setting them up in an isolated lab with a public management IP temporarily that can be hit by the existing FMC, registering/licensing them, and then configuring all of the necessary tidbits (client VPN/OSPF/interfaces/access policies/etc.) that match our DC environment. Once it's ready to deploy I can change the outside IPs and set the management interface to an internal IP that can be managed via MPLS. Is there anything I should be worried about here, or does anyone have experience with a migration like this (FMC-managed FTDs for a remote deployment)? Thanks!
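
The staging sequence described in the post, written out as an added example (not part of the original post and not Cisco's own documentation). It uses the FTD CLI commands that exist on a 2130 for the management side of the job: set a temporary management address, register to the existing FMC, then readdress management before the box ships. Every address, hostname, registration key and NAT ID below is an assumed placeholder; the data-plane configuration (outside IPs, OSPF, RA VPN, access policy) is done in FMC and deployed from there, so it is only noted in comments.

```text
# Added example, not from the original post. Placeholders: 192.0.2.0/24 is
# the staging rack, 203.0.113.5 is the HQ FMC, 10.20.0.0/24 is the DC
# management network, StagingRegKey01 and dcftd01natid are made up.

# --- Stage 1: on the FTD console in the HQ staging rack ---
> configure network hostname dc-ftd-01
> configure network ipv4 manual 192.0.2.10 255.255.255.0 192.0.2.1
> configure network dns servers 198.51.100.53

# Register with a registration key AND a NAT ID. With a NAT ID the FMC-side
# device entry can be added with the Host field left blank, so the FMC
# record is not tied to the temporary staging address.
> configure manager add 203.0.113.5 StagingRegKey01 dcftd01natid

# On the FMC (GUI): Devices > Device Management > Add > Device, leave Host
# blank, enter the same registration key and NAT ID, pick the access policy
# and licenses, then Register. Confirm from the FTD side:
> show managers

# Build the DC-side config in FMC against this device (interfaces with the
# DC outside/inside addressing, OSPF, RA VPN, access policy) and deploy it
# while the box is still reachable in the staging rack.

# --- Stage 2: just before shipping, move management to the DC network ---
# The box goes offline to the FMC here until it is racked at the DC, where
# 10.20.0.1 is reachable from HQ over the MPLS.
> configure network ipv4 manual 10.20.0.10 255.255.255.0 10.20.0.1
> show network

# If the device was registered with a Host IP on the FMC instead of a blank
# Host plus NAT ID, update it to 10.20.0.10 on the FMC under
# Devices > Device Management > (device) > Device > Management before shipping.

# --- Stage 3: after racking at the DC ---
> show network
> show managers
```

Registering with a blank Host plus NAT ID is the choice that makes the readdressing step painless: the FTD initiates the management tunnel to the FMC, so the FMC never needs to know the device's current address. Repeat the same sequence on the second 2130 before pairing them in FMC.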