cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
437
Views
0
Helpful
3
Replies

VPN Won't come up since IP Change

tomas roberton
Level 1
Level 1

Hi,

We have a VPN tunnel between our remote site and HQ.

Our HQ external ip address changed and I have changed the connection profile in the remote site ASA to the new HQ ip address but this doesn't bring the tunnel back up.

I have attached the configs if anybody could take a look and help me out :)

Thanks,

Tom

3 Replies 3

Rahul Govindan
VIP Alumni
VIP Alumni

You also have to change the "set peer" command on the crypto map to reflect the new ip address. Right now you have:

crypto map abcmap 1 set peer 81.149.x.x

and

tunnel-group 81.136.x.x type ipsec-l2l

Hi Rahul,

The set peer ip address is correct, the tunnel group one is the old one.

I thought that the tunnel group ip address was just a name ? will this need to be changed ?

Thanks,

Tom

Yes, this needs to be changed too as this references the pre-shared key. You would need to create a new one with the name as the new IP address and keep all the settings the same (basically the pre-shared key). You can then delete the old one.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: