Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1118
Views
0
Helpful
2
Replies

Change IP on ASA 5505

Go to solution
scooter817
Level 2
Level 2

‎04-11-2011 12:31 PM

Hi All

I wanted to know if someone can point me in the right direction as how to do below listed question.I'm working with a small shop in my town and they asked me to do this  and i didn't want to do anything until i was for sure i was right in what i was doing.Thanks in advance for all your help and have a great day.

"I need to have the VPN tunnel existing IP addresses changed on the ASA 5505 to the new ones that i have."

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mvsheik123
Level 7
Level 7

‎04-11-2011 12:52 PM

Hello,

You need to make sure but it sounds like they may be changing the public IP (WAN ip) on their and your ASA 5505 may be terminating the VPN tunnels on the current ip. Ex:

If the WAP ip of Remote office ASA/VPN Conc is : 2.2.2.2

your ASA 5505 Lan-Lan tunnel may have config something similar to...

crypto map 10 match address
crypto map 10 set peer 2.2.2.2 --> Other end IP

crypto map 10 set transform-set

!

tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *
!

Again.. it all depends on what type of tunnel you have.

All you need to do is..

!
no crypto map 10 set peer 2.2.2.2

crypto map 10 set peer 3.3.3.3 --> New IP

!

tunnel-group 3.3.3.3 type ipsec-l2l
tunnel-group 3.3.3.3 ipsec-attributes
pre-shared-key *
!

You need the Pre shared key (or use more system:running config to find the key). The above solution may not be accurate in your scenario.

hth

MS

View solution in original post

0 Helpful
2 Replies 2

Go to solution
mvsheik123
Level 7
Level 7

‎04-11-2011 12:52 PM

Hello,

You need to make sure but it sounds like they may be changing the public IP (WAN ip) on their and your ASA 5505 may be terminating the VPN tunnels on the current ip. Ex:

If the WAP ip of Remote office ASA/VPN Conc is : 2.2.2.2

your ASA 5505 Lan-Lan tunnel may have config something similar to...

crypto map 10 match address
crypto map 10 set peer 2.2.2.2 --> Other end IP

crypto map 10 set transform-set

!

tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *
!

Again.. it all depends on what type of tunnel you have.

All you need to do is..

!
no crypto map 10 set peer 2.2.2.2

crypto map 10 set peer 3.3.3.3 --> New IP

!

tunnel-group 3.3.3.3 type ipsec-l2l
tunnel-group 3.3.3.3 ipsec-attributes
pre-shared-key *
!

You need the Pre shared key (or use more system:running config to find the key). The above solution may not be accurate in your scenario.

hth

MS

0 Helpful

Go to solution
scooter817
Level 2
Level 2
In response to mvsheik123

‎04-12-2011 10:37 AM

You know i just spoke to the end user about the ASA that we are doing tomorrow and yeah it's pretty much just what you said.

they have an MRI machine that needs to talk back to GE and all they want done is to chage out the old IP address for the new ones.

I will let you know how it goes and thanks for your help.

0 Helpful
Customers Also Viewed These Support Documents