Meraki

FNK · ‎Aug 7 2018

I've inherited a network stack consisting of Meraki MS switches and an active/standby ASA 5508-X pair with firepower which sit on a primary fibre line with secondary ADSL backup. My current understanding is that the line fail over is handled by the WAN providers gear.

Long story short, I've not come across a mixed meraki switch and asa environment in such a small estate and in truth, the ASA configuration is overkill for what the client needs.

Has anyone had experience of moving from ASA and firepower, across to Meraki MX units in a similar active standby pair?

Is it easy enough to configure the Meraki units whilst the ASA units are still in use then switch everything over?

Adam · ‎Aug 7 2018

For one of my projects, we moved from 3 separate ASA's to a pair of MX's. If you want to do it while the ASA's are still in production you'll have to give the ASA's a separate LAN IP and selectively alter your layer 3 routes to point to the MX's instead of the ASA. This is a good way to gradually migrate routes and to test since you can be very selective with the routing.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

PhilipDAth · ‎Aug 7 2018

The ASA's have considerably more configuration flexibility. They can do tricky site to site VPNs and handle complex user VPN requirements. They can also do complex NAT configurations.

The MX is very basic at all of these. As long as your ASA configuration is simple you can replace them with MX.

Meraki

Community

Migrating from ASA 5508-X with Firepower to MX64/84?

Migrating from ASA 5508-X with Firepower to MX64/84?