04-22-2014 08:09 AM
We have a few sites that all VPN to one ASA, that ASA is getting a new IP address, can i configure and new crypto map with a high sequence number with the same interesting traffic?
Will the ASA try that one if it cannot reach the old IP?
Solved! Go to Solution.
04-22-2014 11:29 AM
In crypto map VPN you must not introduce overlap, but you can add multiple peers to same crypto map entry. Or use a dynamic entry without any peer IP.
View solution in original post
04-22-2014 01:30 PM
Yes a tunnel group is needed with same pre-shared-key. apart from this, in crypto map, you can define it like this:
crypto map <crypto_name> <seq> set peer <ip1> <ip2>
Vishnu
04-22-2014 01:25 PM
Ah ok, with multiple peers does it try the next one if the first isnt available? how does it sequence?
I would need a tunnel-group for the new IP also correct?
04-22-2014 05:52 PM
And this will try the second IP if first one is unavailable?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
