Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
451
Views
0
Helpful
3
Replies

VPN Won't come up since IP Change

tomas roberton
Level 1
Level 1

‎04-25-2017 01:41 AM

Hi,

We have a VPN tunnel between our remote site and HQ.

Our HQ external ip address changed and I have changed the connection profile in the remote site ASA to the new HQ ip address but this doesn't bring the tunnel back up.

I have attached the configs if anybody could take a look and help me out :)

Thanks,

Tom

Labels:
Preview file
16 KB
Preview file
19 KB
0 Helpful
3 Replies 3

Rahul Govindan
VIP Alumni
VIP Alumni

‎04-25-2017 03:46 AM

You also have to change the "set peer" command on the crypto map to reflect the new ip address. Right now you have:

crypto map abcmap 1 set peer 81.149.x.x

and

tunnel-group 81.136.x.x type ipsec-l2l

0 Helpful

tomas roberton
Level 1
Level 1
In response to Rahul Govindan

‎04-25-2017 03:59 AM

Hi Rahul,

The set peer ip address is correct, the tunnel group one is the old one.

I thought that the tunnel group ip address was just a name ? will this need to be changed ?

Thanks,

Tom

0 Helpful

Rahul Govindan
VIP Alumni
VIP Alumni
In response to tomas roberton

‎04-25-2017 04:02 AM

Yes, this needs to be changed too as this references the pre-shared key. You would need to create a new one with the name as the new IP address and keep all the settings the same (basically the pre-shared key). You can then delete the old one.

0 Helpful
Customers Also Viewed These Support Documents