Cisco – Have Cisco ASA 5505 and want it to maintain site-to-site VPN connections

Tags: cisco, cisco-asa, ipsec, vpn

Background: A client has been hitting the host limit for his license on a Cisco ASA 5505. The license has a max of 50 clients that can access the internet, the 51st connection gets dropped. He has been wanting to get rid of this firewall and this issue put him over the edge.

The new firewall has come in and we want to get it up and running fairly quick, but the ASA manages a few site-to-site VPN tunnels. We don't have the info for those tunnels, and we expect it to be a pain.

Question: Is it possible to set up the new firewall and have the ASA still manage these VPN connections until we have more info?

I've been running into wall after wall with this client trying other workarounds to buy more time.

Best Answer

If you want to keep the ASA for the L2L tunnels you could assign a second public IP to the new firewall and not modify the ASA. Then set your default route to the new firewall and add routes for the L2L traffic to go to the ASA.

Though the easiest way would be to recover the VPN config off the ASA and use a single device. You can view the pre-shared keys with:

more system://running-config
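As an added illustration of both approaches in the answer (not code from the original post or from Cisco), the script below parses a constructed ASA running-config excerpt and inventories the site-to-site tunnels: the peer address, the crypto-map ACL and the remote subnets it protects, and whether the pre-shared key is readable or shows up masked as `*****` (which is what `show running-config` prints; the unmasked form only appears in the `more system:` view the answer mentions). From that inventory it also derives the static routes the new edge firewall would need so that traffic for the remote VPN subnets is sent to the ASA instead of the default route. The config syntax (`crypto map ... set peer`, `tunnel-group ... ipsec-attributes`, `ikev1 pre-shared-key`) is standard ASA syntax; the IP addresses, ACL names and the key value are constructed sample data, and the ASA inside address passed to `routes_for_new_firewall` is an assumption.

```python
import ipaddress
import re

# Constructed sample of an ASA running-config excerpt (not taken from the page).
# The second tunnel's key is shown as ***** the way `show running-config`
# masks it; only `more system:running-config` would show the real value.
SAMPLE_CONFIG = """\
access-list outside_cryptomap_1 extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside_cryptomap_2 extended permit ip 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.0
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set peer 203.0.113.10
crypto map outside_map 1 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 2 match address outside_cryptomap_2
crypto map outside_map 2 set peer 198.51.100.7
crypto map outside_map interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key branchoffice-key-EXAMPLE
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key *****
"""


def parse_l2l_tunnels(config_text):
    """Return {peer_ip: {"psk", "psk_masked", "remote_networks"}} for every
    ipsec-l2l tunnel-group, joining crypto-map peers to their match ACLs."""
    acls = {}      # ACL name -> list of destination networks (CIDR strings)
    maps = {}      # (map name, sequence) -> {"acl": ..., "peer": ...}
    tunnels = {}   # peer IP -> tunnel details
    current_tg = None  # tunnel-group whose ipsec-attributes sub-mode we are in
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$", line)
        if m:
            name, _src, _smask, dst, dmask = m.groups()
            # ipaddress accepts dotted netmasks, so "10.20.0.0/255.255.0.0" -> 10.20.0.0/16
            acls.setdefault(name, []).append(str(ipaddress.ip_network(f"{dst}/{dmask}")))
            continue
        m = re.match(r"crypto map (\S+) (\d+) match address (\S+)$", line)
        if m:
            maps.setdefault((m[1], m[2]), {})["acl"] = m[3]
            continue
        m = re.match(r"crypto map (\S+) (\d+) set peer (\S+)$", line)
        if m:
            maps.setdefault((m[1], m[2]), {})["peer"] = m[3]
            continue
        m = re.match(r"tunnel-group (\S+) type ipsec-l2l$", line)
        if m:
            tunnels[m[1]] = {"psk": None, "psk_masked": False, "remote_networks": []}
            continue
        m = re.match(r"tunnel-group (\S+) ipsec-attributes$", line)
        if m:
            current_tg = m[1]
            continue
        # Both the pre-8.4 form (pre-shared-key) and the 8.4+ form (ikev1 pre-shared-key)
        m = re.match(r"(?:ikev1 )?pre-shared-key (\S+)$", line)
        if m and current_tg in tunnels:
            key = m[1]
            masked = set(key) == {"*"}
            tunnels[current_tg]["psk_masked"] = masked
            tunnels[current_tg]["psk"] = None if masked else key
            continue
        if not raw.startswith(" "):
            current_tg = None  # an unindented line ends the sub-mode
    # Attach each crypto-map entry's protected networks to the matching peer.
    for entry in maps.values():
        peer = entry.get("peer")
        if peer in tunnels and "acl" in entry:
            tunnels[peer]["remote_networks"].extend(acls.get(entry["acl"], []))
    return tunnels


def tunnels_needing_unmasked_config(tunnels):
    """Peers whose key is masked, i.e. the config must be re-read with
    `more system:running-config` before it can be moved to another device."""
    return sorted(peer for peer, info in tunnels.items() if info["psk_masked"])


def routes_for_new_firewall(tunnels, asa_inside_ip):
    """Static routes for the interim design in the answer: the new firewall
    holds the default route, and each remote VPN subnet is routed to the ASA."""
    routes = []
    for peer in sorted(tunnels):
        for net in tunnels[peer]["remote_networks"]:
            routes.append((net, asa_inside_ip))
    return routes


if __name__ == "__main__":
    found = parse_l2l_tunnels(SAMPLE_CONFIG)
    for peer, info in found.items():
        state = "MASKED (re-read from system:running-config)" if info["psk_masked"] else "readable"
        print(f"peer {peer}: key {state}, remote networks {info['remote_networks']}")
    # 192.168.10.1 is an assumed inside address for the ASA on the LAN.
    for net, next_hop in routes_for_new_firewall(found, "192.168.10.1"):
        print(f"route {net} via {next_hop}")
```

Running it against the sample prints one tunnel with a readable key and one whose key must be re-read from the ASA, followed by the two routes (10.20.0.0/16 and 172.16.5.0/24 via the ASA's inside address) to configure on the new firewall while the ASA keeps terminating the tunnels.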
