Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1614
Views
5
Helpful
3
Replies

Add additional host to IPSEC connection on ASA

CiscoBrownBelt
Level 6
Level 6

‎08-02-2019 09:23 AM - edited ‎02-21-2020 09:22 AM

So if I have a IPSEC connection allowing let's say local source addresses 10.10.10.10 and 11.11.11.11 to remote end of tunnel 100.1.1.1, and want to add 12.12.12.12 as an addition source host on my local end, do I just make the update under "Local Network" if making the changes in the ASDM? Will that automatically update the crypto map/ACLs?

If I were to update this via CLI, I would just add the new subnet/host to the interesting traffic ACL correct?

0 Helpful
3 Replies 3

GRANT3779
Spotlight
Spotlight

‎08-02-2019 09:44 AM

You would include this like you say within your interesting traffic ACL. You should ensure the remote end has the new host included also as part if their encryption domain back to you.
0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎08-02-2019 10:48 AM

Yes, once you updates from asdm it will update the crypto acl but the
tunnel has to be restarted for the new entry to be included in IPsec sa

CiscoBrownBelt
Level 6
Level 6
In response to Mohammed al Baqari

‎08-06-2019 02:40 PM

Ok great! Restarted meaning generate interesting traffic?
Also, currently have manual NAT statements translating the current 2 local source addresses to static original. I would need to add the new host IP to this statement as well correct? Since it is just translating to self/original, is this to make sure the 2 source addresses are not NATTED?
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card