Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
868
Views
0
Helpful
7
Replies

New to ASA's Need some advice on getting it to work

Go to solution
barryrosenhouse
Level 1
Level 1

‎05-06-2022 04:49 AM

Took a cisco ASA 5505 from another site and installed in a new site, changed the ip's on the 5505 inside and outside, but I dont know what to add to the headquarters 5515 to get vpn light on remote asa. Please help!!!!! We have an engineer at the remote site for a short period of time. I can provide a config if that helps.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP

‎05-06-2022 04:52 AM - edited ‎05-06-2022 12:59 PM

you mean the IPSec VPN modify after change the IN/OUT interface IP ??

If that what you ask then 
change the NAT exemption <-since you change the IN subnet 
change the ACL of IPSec <- since you change the IN subnet 
change the IPSec Peer IP <- since you change the OUT 

View solution in original post

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to barryrosenhouse

‎05-07-2022 01:43 AM

Not sure if this is resolved. If not here are some suggestions:

- on the ASAs at the new site there might be some route statements that need to be changed.

- on the ASAs at the new site it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface.

- on the head end ASA there might be some route statements that need to be changed (check especially for any references for the subnets of the previous remote ASA).

- on the head end ASA there might be some statements in vpn config that need to be changed (check especially for any references for the subnets of the previous remote ASA).

- on the head end ASA it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface of the previous remote site.

 

HTH

Rick

View solution in original post

0 Helpful
7 Replies 7

Go to solution
MHM Cisco World
VIP
VIP

‎05-06-2022 04:52 AM - edited ‎05-06-2022 12:59 PM

you mean the IPSec VPN modify after change the IN/OUT interface IP ??

If that what you ask then 
change the NAT exemption <-since you change the IN subnet 
change the ACL of IPSec <- since you change the IN subnet 
change the IPSec Peer IP <- since you change the OUT 

0 Helpful

Go to solution
barryrosenhouse
Level 1
Level 1
In response to MHM Cisco World

‎05-09-2022 05:40 AM

Ok thx

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to barryrosenhouse

‎05-09-2022 09:09 AM

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful

Go to solution
Kasun Bandara
VIP
VIP

‎05-06-2022 04:54 AM

if you are looking to have site-to-site vpn between HO and remote site, use below guide by replacing your required IP addresses and networks.

https://packetlife.net/blog/2011/jul/11/lan-lan-vpn-asa-5505/

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Go to solution
barryrosenhouse
Level 1
Level 1
In response to Kasun Bandara

‎05-06-2022 05:02 AM

I will def check this out - thx - will let you know

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to barryrosenhouse

‎05-07-2022 01:43 AM

Not sure if this is resolved. If not here are some suggestions:

- on the ASAs at the new site there might be some route statements that need to be changed.

- on the ASAs at the new site it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface.

- on the head end ASA there might be some route statements that need to be changed (check especially for any references for the subnets of the previous remote ASA).

- on the head end ASA there might be some statements in vpn config that need to be changed (check especially for any references for the subnets of the previous remote ASA).

- on the head end ASA it would be good to examine the config for any statements that reference the addressing of the subnet of the outside interface and the addressing of the inside interface of the previous remote site.

 

HTH

Rick
0 Helpful

Go to solution
barryrosenhouse
Level 1
Level 1

‎05-09-2022 05:40 AM

Thanks much

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card