Contributor

Add additional host to IPSEC connection on ASA

So if I have an IPSEC connection allowing, let's say, local source addresses 10.10.10.10 and 11.11.11.11 to remote end of tunnel 100.1.1.1, and want to add 12.12.12.12 as an additional source host on my local end, do I just make the update under "Local Network" if making the changes in the ASDM? Will that automatically update the crypto map/ACLs?

If I were to update this via CLI, I would just add the new subnet/host to the interesting traffic ACL, correct?

3 REPLIES
Frequent Contributor

Re: Add additional host to IPSEC connection on ASA

You would include this, like you say, within your interesting traffic ACL. You should ensure the remote end has the new host included also as part of their encryption domain back to you.

VIP Advisor

Re: Add additional host to IPSEC connection on ASA

Yes, once you update from ASDM it will update the crypto ACL, but the tunnel has to be restarted for the new entry to be included in the IPsec SA.

Contributor

Re: Add additional host to IPSEC connection on ASA

OK, great! Restarted meaning generate interesting traffic?
Also, currently have manual NAT statements translating the current 2 local source addresses to static original. I would need to add the new host IP to this statement as well, correct? Since it is just translating to self/original, is this to make sure the 2 source addresses are not NATTED?
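
Added example, not part of the thread and not Cisco code: a pre-change check for the point raised in the first reply, that the remote peer's encryption domain must mirror the new entry in the local crypto ACL. The ACL name `VPN-ACL` and both config snippets are constructed for illustration using the addresses from the question; only `host`, `any` and address/netmask entries are parsed (no objects or object-groups).

```python
import ipaddress
import re

# Constructed sample crypto ACLs for each peer; "VPN-ACL" is a hypothetical name.
LOCAL_CFG = """\
access-list VPN-ACL extended permit ip host 10.10.10.10 host 100.1.1.1
access-list VPN-ACL extended permit ip host 11.11.11.11 host 100.1.1.1
access-list VPN-ACL extended permit ip host 12.12.12.12 host 100.1.1.1
"""
REMOTE_CFG = """\
access-list VPN-ACL extended permit ip host 100.1.1.1 host 10.10.10.10
access-list VPN-ACL extended permit ip host 100.1.1.1 host 11.11.11.11
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")


def _take_net(tokens):
    """Consume one address spec from the token list: 'host A', 'any', or 'A MASK'."""
    tok = tokens.pop(0)
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if tok in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}")  # address + netmask


def crypto_selectors(config, acl_name):
    """Return the set of (source, destination) networks permitted by the named ACL."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m or m.group(1) != acl_name:
            continue
        tokens = m.group(2).split()
        src = _take_net(tokens)
        dst = _take_net(tokens)
        pairs.add((src, dst))
    return pairs


def unmirrored(local, remote):
    """Local selectors that have no exact (destination, source) mirror on the remote peer."""
    mirror = {(d, s) for s, d in remote}
    return sorted(local - mirror)


if __name__ == "__main__":
    gaps = unmirrored(crypto_selectors(LOCAL_CFG, "VPN-ACL"),
                      crypto_selectors(REMOTE_CFG, "VPN-ACL"))
    for src, dst in gaps:
        print(f"remote peer has no mirror entry for {src} -> {dst}")
```

With the constructed configs above, the only gap reported is the newly added 12.12.12.12 entry, which the remote end has not yet mirrored.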