10-26-2012 03:36 PM - edited 03-11-2019 05:14 PM
I copied a Cisco 5510 startup-config to an identical Cisco 5510.
After copying through tftp, I executed a reload.
Everything looks good. Line by line compare results are the same.
The problem is I can no longer use ASDM or ssh to interface with Cisco 5510.
Telnet works fine.
I am fairly new to Cisco firewalls.
Please advise.
12-11-2012 04:33 PM
Can you teach me to create or modify a point-to-point VPN?
Can I just edit the old VPN with new IP ADDRESS?
Please advise.
12-11-2012 05:01 PM
Hello Duong,
My pleasure
Can you share the VPN setup (crypto map and tunnel group you already have)? Change the IP peer to 2.2.2.2.
Regards,
12-11-2012 05:19 PM
This is the ASA that will need to change the peer IP; the other ASA config will stay pretty much the same, except for the new IP that we have received.
Everything else should stay the same.
So basically, we will move and I need to make sure I can still establish a site to site vpn.
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 2.2.2.2
crypto map outside_map 20 set transform-set ESP-AES-128-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
tunnel-group Pleasanton type remote-access
tunnel-group Pleasanton general-attributes
 address-pool Pleasanton
 default-group-policy Pleasanton_1
tunnel-group Pleasanton ipsec-attributes
 pre-shared-key xxxxxxxxxxxxxxxxxxxxxx
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
12-11-2012 05:29 PM
Hello
So only do the following. Let's say the new IP is 4.4.4.4:
clear configure tunnel-group 2.2.2.2
tunnel-group 4.4.4.4 type ipsec-l2l
tunnel-group 4.4.4.4 ipsec-attributes
 pre-shared-key x.x.x.x
no crypto map outside_map 20 set peer 2.2.2.2
crypto map outside_map 20 set peer 4.4.4.4
Regards,
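Added example (not part of the thread and not Cisco tooling): a Python check over a saved `show running-config` that every crypto map peer has an `ipsec-l2l` tunnel-group with a pre-shared key, and that no tunnel-group for the old peer is left behind after the change. It assumes tunnel-groups are named after the peer IP as in the posts above; the function name `audit_l2l_peers` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the peer was changed to 4.4.4.4, but the old tunnel-group
# was left behind and the new one has no key (deliberate mistakes to report).
SAMPLE_CONFIG = """\
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 4.4.4.4
crypto map outside_map interface outside
tunnel-group Pleasanton type remote-access
tunnel-group Pleasanton ipsec-attributes
 pre-shared-key *****
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key *****
tunnel-group 4.4.4.4 type ipsec-l2l
tunnel-group 4.4.4.4 ipsec-attributes
"""

def audit_l2l_peers(config: str) -> list[str]:
    """Return findings where crypto map peers and L2L tunnel-groups disagree."""
    peers, l2l_groups, keyed = set(), set(), set()
    current = None  # tunnel-group whose ipsec-attributes sub-mode we are in
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # a top-level command leaves any sub-mode
        if m := re.match(r"crypto map \S+ \d+ set peer (.+)", line):
            peers.update(m.group(1).split())  # one entry may list several peers
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l", line):
            l2l_groups.add(m.group(1))
        elif m := re.match(r"tunnel-group (\S+) ipsec-attributes", line):
            current = m.group(1)
        elif current and re.match(r"\s+(ikev1 )?pre-shared-key \S+", line):
            keyed.add(current)
    findings = []
    for peer in sorted(peers - l2l_groups):
        findings.append(f"peer {peer}: no ipsec-l2l tunnel-group")
    for peer in sorted((peers & l2l_groups) - keyed):
        findings.append(f"peer {peer}: tunnel-group has no pre-shared-key")
    for name in sorted(l2l_groups - peers):
        findings.append(f"tunnel-group {name}: stale, no crypto map peer")
    return findings

if __name__ == "__main__":
    for finding in audit_l2l_peers(SAMPLE_CONFIG):
        print(finding)
```

An empty result means each `set peer` address has a keyed L2L tunnel-group and nothing stale remains; it does not confirm that the key matches the one configured on the remote ASA.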
12-11-2012 06:52 PM
Thank you again!
I shall try this at end of the month when we move.
Now I feel prepared.
One more thing please.
I want to buy another 5510 to be on the safe side and use it as a back up later.
Can I create another VPN between the new Cisco and the one that we were talking about?
I only know how to use asdm.
Message was edited by: Duong Nguyen
12-11-2012 07:56 PM
Hello Duong,
Great, yes. That is all you need.
Let me know the result
Regards,
12-11-2012 08:40 PM
Hello,
It can be done, but if it is going to be used as a backup, why don't you use a failover cluster, or why don't you set the same configuration on this box and have it ready to start working?
Let me know if I understood your query
Regards,
12-13-2012 07:15 PM
So you think it's a good idea that I configure the new box. Create a new VPN tunnel between the 2 Cisco 5510s.
Then when I move I will just plug in and it should work. I guess a 5510 can have more than one tunnel created on it.
12-13-2012 09:44 PM
Hello Duong,
Exactly, and of course more than one tunnel (that is for sure).
Regards
12-22-2012 10:38 AM
I tried to create a remote access tunnel into the firewall using the ASDM wizard, but it didn't work.
Any way I can just modify the old remote access tunnel?
12-22-2012 11:08 AM
Hi,
Are you talking about the Remote Access VPN (IPsec or SSL/AnyConnect) or a Site to Site VPN?
In most cases I imagine you should be able to use the old configurations. Possibly need to remove some configurations and add new ones. Can't say for sure until you have described the situation.
It would be easier to see the configuration in CLI format to go through this.
Might even be worth making a new post on these forums so the post doesn't contain extra information that is not related to the current problem.
- Jouni