Add additional host to IPSEC connection on ASA

CiscoPurpleBelt
Level 6

So if I have an IPSEC connection allowing, let's say, local source addresses 10.10.10.10 and 11.11.11.11 to remote end of tunnel 100.1.1.1, and want to add 12.12.12.12 as an additional source host on my local end, do I just make the update under "Local Network" if making the changes in the ASDM? Will that automatically update the crypto map/ACLs?

If I were to update this via CLI, I would just add the new subnet/host to the interesting traffic ACL, correct?

3 Replies

GRANT3779
Spotlight
You would include this like you say within your interesting traffic ACL. You should ensure the remote end has the new host included also as part of their encryption domain back to you.

Yes, once you update from ASDM it will update the crypto ACL, but the tunnel has to be restarted for the new entry to be included in the IPsec SA.

Ok great! Restarted meaning generate interesting traffic?
Also, currently have manual NAT statements translating the current 2 local source addresses to static original. I would need to add the new host IP to this statement as well, correct? Since it is just translating to self/original, is this to make sure the 2 source addresses are not NATTED?
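
Added example, not part of any post in this thread: the CLI change discussed above as one ASA session, using the addresses from the question. The ACL name, object-group names, interface names and `<PEER_PUBLIC_IP>` are assumptions, and the NAT step assumes the existing static-to-self rule references its local sources through an object-group.

```cisco
! Constructed ASA CLI example. VPN_CRYPTO_ACL, VPN_LOCAL_HOSTS, VPN_REMOTE,
! the inside/outside interface names and <PEER_PUBLIC_IP> are assumptions;
! substitute the names from your own running configuration.
configure terminal
!
! 1. Interesting traffic: add the new local host to the crypto ACL that the
!    crypto map entry references with "match address".
access-list VPN_CRYPTO_ACL extended permit ip host 12.12.12.12 host 100.1.1.1
!
! 2. Identity NAT: if the existing manual NAT rule takes its local sources
!    from an object-group, adding the host to the group extends the rule.
object-group network VPN_LOCAL_HOSTS
 network-object host 12.12.12.12
!
! Assumed shape of the existing static-to-self rule (shown for reference only):
! nat (inside,outside) source static VPN_LOCAL_HOSTS VPN_LOCAL_HOSTS destination static VPN_REMOTE VPN_REMOTE no-proxy-arp route-lookup
end
!
! 3. Restart the tunnel, as the second reply describes. This tears down the
!    existing IPsec SAs to that peer; they are rebuilt on the next matching traffic.
clear crypto ipsec sa peer <PEER_PUBLIC_IP>
!
! 4. Verify: the new ACE is present, an SA exists for 12.12.12.12 once traffic
!    flows, and the NAT phase leaves the source address untranslated.
show access-list VPN_CRYPTO_ACL
show crypto ipsec sa peer <PEER_PUBLIC_IP>
show nat detail
packet-tracer input inside icmp 12.12.12.12 8 0 100.1.1.1 detailed
```

The remote end needs the mirror-image entry (100.1.1.1 to 12.12.12.12) in its own encryption domain, as the first reply notes, or the new SA will not negotiate.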