cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
455
Views
0
Helpful
1
Replies

ASA 5510 how to change Site-to-site Public IP?

Comlabs2007
Level 1
Level 1

I have an ASA with a site to site VPN up and running fine.

Unfortunately AT&T needs to change my default Public IP as part of a speed upgrade.

I have a full Class C of Public IP addresses that will not change and would like to move the VPN from  the default Interface IP but don't see a way to change it in ASDM .

How do I attach my VPN to a different Public IP?

Thanks

Bill

1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

The ASA can only use the IP address configured on its actual interface as the IP address for VPN. In other words this interface IP address is the only IP address the remote sites/users can use to form connection to the ASA with VPN.

I gather that the /24 subnet is just routed towards your current public IP address which is about to change.

I guess in this case you would have to start either using the new public IP address that is going to be changed to the "outside" interface or configure the /24 subnet and one of its IP address to your "outside" interface and use it for the VPN connections.

I am not sure how the interface configuration change is done through ASDM. I am sure it has its own section for it in the Configurations.

Naturally on the CLI you would go under the interface configuration mode and change it. Naturally this is a change that should be done during a maintanance break as it will cause a small outage in the connections. Naturally the changed IP address would have to be taken into consideration in the remote destinations VPN devices. I guess it might even be possible to configure the new IP address beforehand as a secondary peer IP address in the L2L VPN configurations of the remote VPN devices.

- Jouni

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: