05-06-2022 04:49 AM
Took a cisco ASA 5505 from another site and installed in a new site, changed the ip's on the 5505 inside and outside, but I dont know what to add to the headquarters 5515 to get vpn light on remote asa. Please help!!!!! We have an engineer at the remote site for a short period of time. I can provide a config if that helps.
Solved! Go to Solution.
05-06-2022 04:52 AM - edited 05-06-2022 12:59 PM
you mean the IPSec VPN modify after change the IN/OUT interface IP ??
If that what you ask then
change the NAT exemption <-since you change the IN subnet
change the ACL of IPSec <- since you change the IN subnet
change the IPSec Peer IP <- since you change the OUT
05-07-2022 01:43 AM
Not sure if this is resolved. If not here are some suggestions:
- on the ASAs at the new site there might be some route statements that need to be changed.
- on the ASAs at the new site it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface.
- on the head end ASA there might be some route statements that need to be changed (check especially for any references for the subnets of the previous remote ASA).
- on the head end ASA there might be some statements in vpn config that need to be changed (check especially for any references for the subnets of the previous remote ASA).
- on the head end ASA it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface of the previous remote site.
05-06-2022 04:52 AM - edited 05-06-2022 12:59 PM
you mean the IPSec VPN modify after change the IN/OUT interface IP ??
If that what you ask then
change the NAT exemption <-since you change the IN subnet
change the ACL of IPSec <- since you change the IN subnet
change the IPSec Peer IP <- since you change the OUT
05-09-2022 05:40 AM
Ok thx
05-09-2022 09:09 AM
I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
05-06-2022 04:54 AM
if you are looking to have site-to-site vpn between HO and remote site, use below guide by replacing your required IP addresses and networks.
https://packetlife.net/blog/2011/jul/11/lan-lan-vpn-asa-5505/
05-06-2022 05:02 AM
I will def check this out - thx - will let you know
05-07-2022 01:43 AM
Not sure if this is resolved. If not here are some suggestions:
- on the ASAs at the new site there might be some route statements that need to be changed.
- on the ASAs at the new site it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface.
- on the head end ASA there might be some route statements that need to be changed (check especially for any references for the subnets of the previous remote ASA).
- on the head end ASA there might be some statements in vpn config that need to be changed (check especially for any references for the subnets of the previous remote ASA).
- on the head end ASA it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface of the previous remote site.
05-09-2022 05:40 AM
Thanks much
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide