Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
332
Views
0
Helpful
1
Replies

IPSec VPN Configuration Change

ravindra692
Level 1
Level 1

‎04-20-2018 07:43 AM - edited ‎03-12-2019 05:13 AM

Hello

 

I have two network objects "VPN_range" and "Remote_VPN_range" defining the same subnet on my ASA IPSec Firewall.

object network VPN_range

 subnet x.x.x.x 255.255.240.0

object network Remove_VPN_range

 subnet x.x.x.x 255.255.240.0

 

Both of these have the below NAT's

object network VPN_range

 nat (outside,outside) dynamic interface

object network Remote_VPN_range

 nat(Remote_VPN,outside) dynamic interface

 

Remote_VPN is one of the interfaces on my firewall. Now I want to keep one of the Network Objects and Remove the other duplicate network object from the configuration

Can you guys please help me on how to do this?

 

Thanks

Ravindra

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎04-20-2018 11:01 AM

You would need to check what configuration on the firewall is referencing the object you want to remove and then compare that configuration to what is being referenced by the other object.  If the configuration is not identical you will need to make a decision on if you need to move some of the configuration to the object group you plan on keeping.

 

Once you have completed all your planning, create a script removing all configuration referencing the object group you want to remove and the object group itself, and if necessary, create a script adding configuration you need to move from the removed object group to the one you will be keeping.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents