Reconfiguring a Site to Site VPN

AQUALUNGAMERICA
Level 1

I have a Cisco ASA 5505 with version 8.2.5 talking to a SonicWall 2040. I am moving the Cisco ASA 5505 Site to Site tunnel from the SonicWall 2040 to a new Cisco ASA 5520 running 8.4.5. Building a tunnel with the command line I have learned. I need to reconfigure the tunnel to point to the Cisco ASA 5520. I have already configured the ASA 5520 with its proper "Interesting rules", NAT and crypto. What would be the best approach for reconfiguring the Cisco ASA 5505 via the command line to have it reconnect to the Cisco ASA 5520?

Any advice would be greatly appreciated.

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

I presume the ASA5520 will have a different public IP address than the SonicWall? So you are not simply replacing the SonicWall with the ASA?

If the public IP address is indeed changing when the ASA5520 is taken into use, then you have to change a couple of configurations on the ASA5505 side.

You need to replace the current peer IP address in the "crypto map" and "tunnel-group" configurations:

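no crypto map <map-name> <seq-num> set peer <old-peer-ip>

crypto map <map-name> <seq-num> set peer <new-peer-ip>

no tunnel-group <old-peer-ip> ipsec-attributes

no tunnel-group <old-peer-ip> type ipsec-l2l

tunnel-group <new-peer-ip> type ipsec-l2l

tunnel-group <new-peer-ip> ipsec-attributes

pre-shared-key <key>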

Hope this helps

- Jouni
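
A consistency check for the peer change described in the answer above, meant to be run over saved `show running-config` output from the ASA5505. This is an added example, not part of the original thread; the function name `audit_l2l` is hypothetical, and the map name, ACL name, transform-set name and documentation-range addresses in the sample are constructed.

```python
import re

# Constructed sample: the crypto map already points at the new peer
# (198.51.100.20), but the old tunnel-group (203.0.113.10) was left behind
# and the new tunnel-group has no pre-shared-key yet.
SAMPLE_CONFIG = """\
crypto map OUTSIDE_MAP 10 match address L2L_ACL
crypto map OUTSIDE_MAP 10 set peer 198.51.100.20
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key *
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
"""

def audit_l2l(config):
    """Return (name, finding) tuples for peer/tunnel-group mismatches."""
    peers, l2l_groups, keyed = set(), set(), set()
    current = None  # tunnel-group whose ipsec-attributes block we are inside
    for line in config.splitlines():
        m = re.match(r"crypto map \S+ \d+ set peer (.+)", line)
        if m:
            peers.update(m.group(1).split())  # a map entry may list several peers
        m = re.match(r"tunnel-group (\S+) type ipsec-l2l", line)
        if m:
            l2l_groups.add(m.group(1))
        m = re.match(r"tunnel-group (\S+) ipsec-attributes", line)
        if m:
            current = m.group(1)
            continue
        if current and line.startswith(" "):
            # Also matches the "ikev1 pre-shared-key" form of later releases.
            if "pre-shared-key" in line.split():
                keyed.add(current)
        else:
            current = None  # an unindented line ends the attributes block
    findings = []
    for peer in sorted(peers):
        if peer not in l2l_groups:
            findings.append((peer, "missing-tunnel-group"))
        elif peer not in keyed:
            findings.append((peer, "missing-pre-shared-key"))
    for group in sorted(l2l_groups - peers):
        findings.append((group, "stale-tunnel-group"))  # no crypto map uses it
    return findings
```

A stale tunnel-group still holds a valid pre-shared key for a peer the device no longer uses, so it is worth removing as part of the cutover rather than leaving in place.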

2 Replies

Jouni,

Thank you for the advice. It was what I was looking for. I reconfigured and adjusted some of my NAT access-list and split tunnel issues and have what I need working. Appreciate your support and time.