Friday, April 13, 2018

Live ASA Replacement?

So the scenario that I am mulling over right now is that we have a remote AnyConnect setup running off of an out-of-date ASA (legacy device), and so the company has agreed to purchase two X-series ASAs to use an up-to-date code version, and we will upgrade to AnyConnect 4.5 at that time too.

In my mind, the ideal situation would be to have the new setup already running under a test.vpn.company.com address, select specific users to log in and test that VPN and report back any issues, and once we are confident in the setup, just point our DNS at the new device and everything is smooth and efficient.

However, we do have a small caveat that I'm not sure will be a problem: several of our VPN users have static IP addresses given to them through ACS. If those users use the test VPN, how would we know to route the traffic back to the new ASA instead of the old ASA?

Maybe I don't understand routing well enough to know whether it would be a problem, so I wanted to check here and see if anyone had done something like this or had a solution that would work. If we built the configuration exactly like the current one, could we test this side by side with the existing ASA, or would routing not work? Is there a way to make the route work in this scenario?
