Hello,
I am migrating 13 ASAs, 1 MX100 for corporate location and 12 MX68 for remote branches. What would be the best way to configure the MX100 side by side with corporate ASA? I would like to have both the ASA and MX100 configured side by side, so when I start to deploy the remote branches, they will Auto site-to-site VPN. Once all branches were deployed I would remove the ASA in the corporate office.
Solved! Go to solution.
I'm currently doing such work with Cisco Router VPN, and this is my workflow for migration.
1. Install and configure MX100 as center VPN at corporate location. Next hop for branches is still ASA.
2. When a branch is migrated to Meraki, change branch LAN's next hop from ASA to MX.
3. After all branches are migrated to Meraki, remove ASA and have fun!
>What would be the best way to configure the MX100 side by side with corporate ASA?
100% yes.
I'm currently doing such work with Cisco Router VPN, and this is my workflow for migration.
1. Install and configure MX100 as center VPN at corporate location. Next hop for branches is still ASA.
2. When a branch is migrated to Meraki, change branch LAN's next hop from ASA to MX.
3. After all branches are migrated to Meraki, remove ASA and have fun!
That is how I would do it.
Do you have 2 Internet connections coming into your corporate office? Or are you setting up the MX100 in the one arm concentrator mode and then routing the remote meraki branches to the MX100?
Hi,
I had two Internet connections for HQ and each branch office.
ASA injects redistributed static route to the core switch, or you can create a generic branch office subnet(10.10.0.0/16) toward ASA.
Then create more specific static route (10.10.10.0/24 for Branch A, 10.10.20.0/24 for Branch B) to Meraki whenever you switch over onto it. That how I did for 80+ branches.
However, if I could do it again, I would set up a MX100 on a transparent mode so that I could use OSPF.