09-22-2022 07:10 AM
Hi Guys
I would like to copy all cryptos and its description from ASA firewall(we used to same customer name on description). Is there any option?
09-22-2022 07:25 AM
@NIKHIL M K copy to where? to do what with this information?
From the CLI you can run "show run crypto map" to gather the different crypto maps, you'd also probably want "show run tunnel-group" and "show run crypto" and "show run group-policy".
To get the pre-shared key, you'd need to run "more system://running-config", the pre-shared key will now be displayed in cleartext.
09-27-2022 07:17 AM
We are changing the ISP. Planning to download tunnel details to an excel then verify the active customer so that we only need to change the peer IP for them.
09-27-2022 07:22 AM
@NIKHIL M K if you are changing ISP, then you would need to change IP address of your outside interface and the default route next hop IP address. The third party that connects a VPN tunnel to your firewall would need to update their peer IP address to your new ISP IP address.
If you want to document the configuration, use the commands provided above. You could also run "show crypto ikev1 sa" or "show crypto ikev2 sa" and "show crypto ipsec sa peer <ip>" to determine what exact crypto algorithms were used to establish the tunnel.
09-27-2022 08:21 AM
Thank you. I will try this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide