I am new to ASA Firewall. I want to add remote networks for an existing tunnel, but I have no idea how to go to the config of the existing tunnel from the command line, as there are multiple tunnels configured.
"show run crypto map | in <peer IP>" will give you the crypto map sequence_number that is associated with this peer where you want to add remote subnets.
Then, "show run crypto map | in <sequence_number>" will show you the access-list_name associated with the same peer.
Verify the access-list is correct using "show access-list <access-list_name>". Once the access-list name is verified, you can add the remote subnets.
P.S. Please rate helpful posts.
Thanks for the quick reply.
Then, "show run crypto map | in <sequence_number>" will show you the access-list_name associated with the same peer. (It's not showing the access-list associated.)
What is the command to add a remote subnet?
Do I need to do NAT exclusion also?
Can you please paste the output of
show run crypto map | in <sequence_number> ?
To add a remote subnet, add the following line to the existing ACL,
e.g. access-list <access-list_name> extended permit ip source_network source_subnetmask destination_network destination_subnetmask
NSH-ASA/pri/act# show run crypto map | in 50
crypto map NSHVPN_map 50 match address NRLVPN
crypto map NSHVPN_map 50 set pfs group5
crypto map NSHVPN_map 50 set peer 94.X.X.156
crypto map NSHVPN_map 50 set ikev1 transform-set NRLSet
crypto map NSHVPN_map 50 set security-association lifetime seconds 86400
So the peer 94.X.X.156 is mapped to ACL NRLVPN.
You can configure the following:
access-list NRLVPN extended permit ip source_network source_subnetmask destination_network destination_subnetmask
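The lookup chain the answers describe (peer IP to crypto map sequence number, sequence number to the `match address` ACL, then a new ACE on that ACL) is easy to get wrong by hand on a box with many tunnels, so here is a small added Python script that automates it against saved `show run crypto map` / `show run access-list` output. It is not part of the original thread or of Cisco's tooling. The sample config below is constructed: the `NSHVPN_map 50` lines reproduce the output posted above, the sequence-10 entry, the peer 203.0.113.7 and the subnets are made up. It only builds the `access-list` line for you to paste; it does not talk to the firewall.

```python
import re

# Constructed sample of `show run crypto map` output. Sequence 50 mirrors the
# thread's output; sequence 10 and its peer are invented for illustration.
SAMPLE_CRYPTO_MAP = """\
crypto map NSHVPN_map 10 match address PARTNER_A
crypto map NSHVPN_map 10 set peer 203.0.113.7
crypto map NSHVPN_map 10 set ikev1 transform-set NRLSet
crypto map NSHVPN_map 50 match address NRLVPN
crypto map NSHVPN_map 50 set pfs group5
crypto map NSHVPN_map 50 set peer 94.X.X.156
crypto map NSHVPN_map 50 set ikev1 transform-set NRLSet
crypto map NSHVPN_map 50 set security-association lifetime seconds 86400
crypto map NSHVPN_map interface outside
"""

# Constructed sample of `show run access-list` for the ACL already in use.
SAMPLE_ACL_CONFIG = """\
access-list NRLVPN extended permit ip 10.1.1.0 255.255.255.0 10.9.9.0 255.255.255.0
access-list PARTNER_A extended permit ip 10.1.1.0 255.255.255.0 172.16.5.0 255.255.255.0
"""

# Only the two statement kinds the procedure needs; other crypto map lines are skipped.
CRYPTO_LINE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (.+?)\s*$")


def parse_crypto_map(text):
    """Map (map_name, sequence) -> {'acl': name, 'peers': [ip, ...]}."""
    entries = {}
    for line in text.splitlines():
        m = CRYPTO_LINE.match(line.strip())
        if not m:
            continue
        map_name, seq, kind, value = m.groups()
        entry = entries.setdefault((map_name, int(seq)), {"peers": [], "acl": None})
        if kind == "set peer":
            # ASA allows several peers on one line: "set peer A B"
            entry["peers"].extend(value.split())
        else:
            entry["acl"] = value
    return entries


def find_entry_for_peer(entries, peer):
    """Return the single ((map, seq), entry) whose peer list contains `peer`."""
    hits = [(key, e) for key, e in entries.items() if peer in e["peers"]]
    if not hits:
        raise LookupError(f"no crypto map entry sets peer {peer}")
    if len(hits) > 1:
        raise LookupError(f"peer {peer} appears in {len(hits)} crypto map entries")
    return hits[0]


def build_ace(acl_name, src_net, src_mask, dst_net, dst_mask):
    """The ACE format given in the thread's answer."""
    return (f"access-list {acl_name} extended permit ip "
            f"{src_net} {src_mask} {dst_net} {dst_mask}")


def plan_remote_subnet_add(crypto_text, acl_text, peer,
                           src_net, src_mask, dst_net, dst_mask):
    """Resolve peer -> sequence -> ACL and return the ACE to add (or None if present)."""
    (map_name, seq), entry = find_entry_for_peer(parse_crypto_map(crypto_text), peer)
    if entry["acl"] is None:
        raise LookupError(f"{map_name} {seq} has no 'match address' ACL")
    ace = build_ace(entry["acl"], src_net, src_mask, dst_net, dst_mask)
    existing = {l.strip() for l in acl_text.splitlines()}
    return {
        "map": map_name,
        "seq": seq,
        "acl": entry["acl"],
        # An identical ACE already present means nothing needs to be added.
        "ace": None if ace in existing else ace,
    }


if __name__ == "__main__":
    plan = plan_remote_subnet_add(SAMPLE_CRYPTO_MAP, SAMPLE_ACL_CONFIG, "94.X.X.156",
                                  "10.1.1.0", "255.255.255.0",
                                  "10.20.0.0", "255.255.0.0")
    print(f"{plan['map']} seq {plan['seq']} uses ACL {plan['acl']}")
    print(plan["ace"] or "ACE already present, nothing to add")
```

Paste the real `show run crypto map` and `show run access-list` output into the two sample strings. The script refuses to guess when a peer is absent or appears under more than one sequence number, which is exactly the situation on a firewall with many tunnels where a wrong ACL pick would widen a different peer's encryption domain.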