Solved: ASA VPN WAN connection

BradM19 · ‎06-28-2018

My company's Corporate office in Calgary, Alberta is switching ISP providers, which means we will need to configure the new global IP address for the Corporate office. The only problem is, I'm the only IT guy and I work out of Calgary. We have two branch offices, one in Leduc, Alberta, and one in Phoenix, Arizona. How could I go about changing the IP address on the Leduc and Phoenix Firewalls without physical being there? Once that global IP address is changed, I will lose connection to the other 2 firewalls.

Any suggestions on how this could be done would be much appreciated! And if you need any more information, let me know.

Thank you

Brad

Francesco Molino · ‎06-30-2018

Yep correct. I mean you're remote and you have 2 options:
- prepare a new config with new ISP, shutdown the old and bring up the new one. If you allowed ssh from outside then you're fine you can do the work remotely. If you can't ssh remotely then you can ask a local guy to do webex and make all changes.

- If you have 2 ISPs for few days, you can do all remotely and configure everything is parallel.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎06-28-2018

Hi

Before answering, can you tell if you will have both provider running in parallel for few days?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

BradM19 · ‎06-29-2018

So I asked the CEO if they were going to be running both providers parallel for a few days, as I just started with this company 2 weeks ago, and they told me yesterday they wanted to change providers. He said it was up to me. I did tell him how if we just switched to the other provider and cut off the current provider right at the same time the vpn tunnel would go down.

So, I think I might know where you going with this, and would that be to configure two tunnels? Using ssh to connect to the Leduc, and Phoenix ASA on the tunnel 1 and configuring a 2nd tunnel?

Francesco Molino · ‎06-30-2018

Yep correct. I mean you're remote and you have 2 options:
- prepare a new config with new ISP, shutdown the old and bring up the new one. If you allowed ssh from outside then you're fine you can do the work remotely. If you can't ssh remotely then you can ask a local guy to do webex and make all changes.

- If you have 2 ISPs for few days, you can do all remotely and configure everything is parallel.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

BradM19 · ‎06-30-2018

Thank you for the help. This is my first job in IT, so I really appreciate your advice. I don't know if I would have thought of running both providers parallel for a few day's.

I can SSH in remotely to both site's, so that's what I'll do.

Thanks again,

Brad

Francesco Molino · ‎07-01-2018

You're welcome.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

IsmatSahar · ‎07-02-2018

Thanks, appreciated. it helped me out also.