Hey Guys,
I have a simple question that I am hoping someone here can chime in on. I have two sites right now, Las Vegas, and Los Angeles. At both these sites we have two ASA 5540s in HA handling VPN connections. The Las Vegas units were setup as a DR site (this whole setup was configured by the previous Net Eng) and the Los Angeles site is the primary.
The higher ups want Las Vegas to be the primary location now as Los Angeles will be dissolved. I noticed that the Las Vegas ASAs does not have the proper Mobile Connect license (it doesn't have one period) but the Los Angeles units do.
We can't find the proper license anywhere to enable Mobile Clients for the Las Vegas firewalls. So they want me to move the LA Firewalls to Las Vegas. I am hoping I can do this with with minimal downtime. This is my plan and I am just looking for some confirmation that it will work. This is the COA I am planing on taking.
I guess my main question is if I take the config from the Las Vegas ASA and load it to the LA unit will it work correctly?
Backup configuration of both the LA and Las Vegas ASAs
- Shutdown and unplug the secondary ASA 5540 in Los Angeles
- Leave Primary ASA 5540 Up and running.
- Load the Las Vegas backup configuration on the Los Angeles secondary ASA
- Verify that the Las Vegas configuration is properly loaded and working on the secondary ASA
- Ship/Take unit to the Las Vegas Office
- Backup and shutdown the Las Vegas ASAs
- Remove Las Vegas ASA 5540s
- Install the new primary ASA 5540 on the Las Vegas Rack and plug everything up
- Turn on unit and verify that it is accessible via the Management port
- Finalize configuration and external access to the ASA
- Test VPN connection and update DNS address
- Once DNS updates verify connection to the VPN via DNS address
- Logout all users from the LA ASA 5540
- Verify that end users are able to connect to the Las Vegas ASA and the DVRs
- Shutdown outside interface on LA ASA
- Remove old Las Vegas ASAs
No comments:
Post a Comment