ASA 5510 OS 8.03 change IPsec tunnel IP endpoint in CLI

dmooreami
Level 3

I have an IPsec tunnel whose IP is changing from mythical 200.200.200.182 to 200.200.200.254.

Is it possible to change the .182 IP in the below config via the CLI to .254 and have the site-to-site VPN continue to work?

crypto map asafw 6 match address outside_6_cryptomap_1

crypto map asafw 6 set pfs

crypto map asafw 6 set peer 200.200.200.182

crypto map asafw 6 set transform-set ESP-AES-128-MD5

crypto map asafw 6 set security-association lifetime seconds 28800

crypto map asafw 6 set security-association lifetime kilobytes 4608000

tunnel-group 200.200.200.182 type ipsec-l2l

tunnel-group 200.200.200.182 ipsec-attributes

pre-shared-key dummyPresharekey

Will doing a:

no crypto map asafw 6 set peer 200.200.200.182

crypto map asafw 6 set peer 200.200.200.254

and

no tunnel-group 200.200.200.182 type ipsec-l2l

tunnel-group 200.200.200.254 type ipsec-l2l

tunnel-group 200.200.200.254 ipsec-attributes

pre-shared-key dummyPresharekey

achieve what I am looking to accomplish?

1 Reply

Jouni Forss
VIP Alumni

Hi,

To my understanding you have to use the following commands

no crypto map asafw 6 set peer 200.200.200.182

no tunnel-group 200.200.200.182 ipsec-attributes

no tunnel-group 200.200.200.182

crypto map asafw 6 set peer 200.200.200.254

tunnel-group 200.200.200.254 type ipsec-l2l

tunnel-group 200.200.200.254 ipsec-attributes

pre-shared-key dummyPresharedkey

Also, if you have other attributes set on the original L2L VPN, you have to remove them first before the actual tunnel-group, and remember to configure them on the new VPN tunnel-group.

There shouldn't be more to this to my knowledge.

Always good to take backups of your ASA configurations when you're not absolutely sure.

- Jouni
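
The command sequence from the reply above, generated from a saved running-config so that any extra tunnel-group attributes are carried over to the new peer. This is an added example, not code from the thread: the function name and sample config are constructed, and it assumes sub-mode lines are indented as in `show running-config` output and that the pre-shared key is displayed masked as asterisks.

```python
import re

# Constructed sample in "show running-config" layout. Names and addresses follow
# the thread; the keepalive line and the second tunnel are made up for the demo.
SAMPLE = """\
crypto map asafw 6 match address outside_6_cryptomap_1
crypto map asafw 6 set peer 200.200.200.182
crypto map asafw 7 set peer 200.200.200.10
tunnel-group 200.200.200.182 type ipsec-l2l
tunnel-group 200.200.200.182 ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 15 retry 5
tunnel-group 200.200.200.10 type ipsec-l2l
"""

def peer_change_commands(config, old, new):
    """Return CLI lines that move one L2L tunnel from peer `old` to `new`."""
    peer_re = re.compile(r"(crypto map \S+ \d+ set peer) " + re.escape(old) + r"$")
    head_re = re.compile(r"tunnel-group " + re.escape(old) + r" (\S+)(?: (\S+))?$")
    maps, tg_type, sections, current = [], None, {}, None
    for line in config.splitlines():
        if line.startswith(" "):                 # attribute inside a sub-mode
            if current is not None:
                current.append(line.strip())
            continue
        current = None
        if m := peer_re.match(line):
            maps.append(m.group(1))
        elif m := head_re.match(line):
            if m.group(1) == "type":
                tg_type = m.group(2)
            else:                                # e.g. ipsec-attributes
                current = sections.setdefault(m.group(1), [])
    if not maps or tg_type is None:
        raise ValueError(f"no crypto map peer / tunnel-group found for {old}")
    out = [f"no {m} {old}" for m in maps]
    out += [f"no tunnel-group {old} {s}" for s in sections]
    out.append(f"no tunnel-group {old}")
    out += [f"{m} {new}" for m in maps]
    out.append(f"tunnel-group {new} type {tg_type}")
    for name, attrs in sections.items():
        out.append(f"tunnel-group {new} {name}")
        for a in attrs:
            # Assumption: a masked key cannot be copied, so flag it for retyping.
            out.append(" " + re.sub(r"^(pre-shared-key) \*+$", r"\1 <RE-ENTER-KEY>", a))
    return out

if __name__ == "__main__":
    print("\n".join(peer_change_commands(SAMPLE, "200.200.200.182", "200.200.200.254")))
```

Review the generated lines against a backup of the configuration before pasting them, and replace `<RE-ENTER-KEY>` with the real pre-shared key.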