cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
476
Views
0
Helpful
1
Replies

How to change EasyVPN head-end server address?

andrew-hunt
Level 1
Level 1

We have a number of 5505 ASAs at remote sites all of which are configured to connect to one of two head-end servers.

Relevant config is:

vpnclient server a.b.c.d e.f.g.h

We need to change the primary head-end IP addresses.  At the moment devices are successfully connected to the secondary.

If we issue vpnclient server i.j.k.l e.f.g.h then the device drops off the network and won't reconnect until it is power cycled.

If we make the changes in ASDM using the GUI to remove the old primary and add in the new primary the ASDM says "No changes made"

Devices are running 8.2 and 8.4 code and behaviour is the same.

Question is, therefore, how to change head-end server IP addresses without the device disconnecting and not coming back up?  According to the configuration guide the ASA should cycle through the addresses every 8 seconds until it can connect - but it doesn't seem to do this as it won't connect to the good secondary head-end either!

Thanks,


Andrew.

1 Reply 1

mvsheik123
Level 7
Level 7

Hi Andrew,

I did similar change last year (while switching ISP at primary site) and having a continuous ping to remote 5505 inside ip (from head end PC) resulted in loss of connevity for few seconds. No reboot was done. Try that way.

hth

MS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: