ASA to Meraki Migration

SOLVED
ewolf
Conversationalist

ASA to Meraki Migration

Hello,

 

I am migrating 13 ASAs, 1 MX100 for corporate location and 12 MX68 for remote branches.  What would be the best way to configure the MX100 side by side with corporate ASA?  I would like to have both the ASA and MX100 configured side by side, so when I start to deploy the remote branches, they will Auto site-to-site VPN.  Once all branches were deployed I would remove the ASA in the corporate office.   

1 ACCEPTED SOLUTION
Kamome
Building a reputation

I'm currently doing such work with Cisco Router VPN, and this is my workflow for migration.

 

1. Install and configure MX100 as center VPN at corporate location. Next hop for branches is still ASA.

001.png

2. When a branch is migrated to Meraki, change branch LAN's next hop from ASA to MX.

002.png

3. After all branches are migrated to Meraki, remove ASA and have fun!

003.png

View solution in original post

5 REPLIES 5
PhilipDAth
Kind of a big deal

>What would be the best way to configure the MX100 side by side with corporate ASA?

 

100% yes.

Kamome
Building a reputation

I'm currently doing such work with Cisco Router VPN, and this is my workflow for migration.

 

1. Install and configure MX100 as center VPN at corporate location. Next hop for branches is still ASA.

001.png

2. When a branch is migrated to Meraki, change branch LAN's next hop from ASA to MX.

002.png

3. After all branches are migrated to Meraki, remove ASA and have fun!

003.png

View solution in original post

PhilipDAth
Kind of a big deal

That is how I would do it.

ewolf
Conversationalist

Do you have 2 Internet connections coming into your corporate office?  Or are you setting up the MX100 in the one arm concentrator mode and then routing the remote meraki branches to the MX100?

Happiman
Building a reputation

Hi,

 

I had two Internet connections for HQ and each branch office.

ASA injects redistributed static route to the core switch, or you can create a generic branch office subnet(10.10.0.0/16) toward ASA.

 

Then create more specific static route (10.10.10.0/24 for Branch A, 10.10.20.0/24 for Branch B) to Meraki whenever you switch over onto it. That how I did for 80+ branches. 

However, if I could do it again, I would set up a MX100 on a transparent mode so that I could use OSPF.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels