I have 2 Cisco ASAs connected in 2 offices which have a fully functional L2L IPsec tunnel. A new layer 2 link has been installed on each site and I am terminating it on a firewall FE int on each site with a private address. Connectivity is established. So I want to swap the VPN from using the outside interfaces to the newly installed interfaces.
On both firewalls I have enabled isakmp on the new interface.
I have created a new tunnel group for each side using the same pre-shared key (thanks to the more system:running config command :-)).
Enabled the crypto map "my_map" on the new interfaces.
That's all I should need?
I have tested it by removing the existing peers and using new peers and it's not coming up, saying there is no match.
Anything else I am missing?
Besides enabling the crypto commands on the new interfaces, you should have the route pointing out the new interface to reach the VPN peer.
Check that you have connectivity with the VPN peer via the new interfaces.
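The checks discussed in this thread can be run against a saved configuration before cutting over. The script below is an added example, not part of the original posts: it assumes the pre-8.4 `crypto isakmp enable` syntax mentioned in the question, a tunnel group named after the peer address, and a constructed sample config in which the interface name `l2link` and all addresses are made up.

```python
import ipaddress
# Constructed sample (pre-8.4 ASA syntax); interface names and addresses are made up.
SAMPLE = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.252
interface Ethernet0/2
 nameif l2link
 ip address 10.255.0.1 255.255.255.252
route outside 0.0.0.0 0.0.0.0 203.0.113.1
crypto map my_map 10 set peer 10.255.1.1
crypto map my_map interface outside
crypto map my_map interface l2link
crypto isakmp enable outside
tunnel-group 10.255.1.1 type ipsec-l2l
"""

def check_l2l(config, want_if):
    """Map each crypto map peer to the reasons it cannot come up on want_if."""
    routes, isakmp, bound, groups, peers, nameif = [], set(), set(), set(), [], None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "interface":
            nameif = None                      # start of a new interface block
        elif w[0] == "nameif":
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif and len(w) >= 4:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False), nameif))
        elif w[0] == "route" and len(w) >= 4:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[1]))
        elif w[:3] == ["crypto", "isakmp", "enable"]:
            isakmp.add(w[3])
        elif w[:2] == ["crypto", "map"] and w[3:4] == ["interface"]:
            bound.add(w[4])
        elif w[:2] == ["crypto", "map"] and w[4:6] == ["set", "peer"]:
            peers += w[6:]
        elif w[0] == "tunnel-group" and w[2:4] == ["type", "ipsec-l2l"]:
            groups.add(w[1])
    report = {}
    for peer in peers:
        hits = [(net.prefixlen, ifc) for net, ifc in routes if ipaddress.ip_address(peer) in net]
        egress = max(hits)[1] if hits else None   # longest-prefix match picks the egress
        checks = [
            (egress != want_if, f"peer routes out {egress}, not {want_if}"),
            (want_if not in isakmp, f"isakmp not enabled on {want_if}"),
            (want_if not in bound, f"crypto map not applied on {want_if}"),
            (peer not in groups, f"no ipsec-l2l tunnel-group named {peer}"),
        ]
        report[peer] = [msg for failed, msg in checks if failed]
    return report
```

Calling `check_l2l(SAMPLE, "l2link")` reports that the peer still follows the default route out `outside` and that isakmp is missing on `l2link`; an empty list for a peer means all four checks passed.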