Cisco Support Community

How to change VPN peer address on ASA 5520

Environment:

ASA 5520 running 7.2(1)

IPSEC L2L VPN established using Wizard.

The IP address of the remote peer needs to change. Using ASDM, I cannot change the Tunnel Group name (which is currently the peer address). I can change the peer address in the IPSec rule, but is this all that is needed?

Do I have to add a new tunnel group using the new peer address for the name? If so how does this relate to the other objects that are required for a VPN?

When you create a VPN using the Wizard, it creates multiple objects that are hard to track when changes are required. Is it best to delete all of the current VPN objects and create a new config using the wizard again?

Is it better to make the changes using the CLI? What lines need to be changed for the peer address when using commands?

Thanks in advance for any help!

Accepted Solutions
Green

Re: How to change VPN peer address on ASA 5520

I can change the peer address in the IPSec rule, but is this all that is needed?

- No, tunnel group name must match peer address.

Do I have to add a new tunnel group using the new peer address for the name?

- Yes.

Is it better to make the changes using the CLI?

- I would always recommend it, but if you don't know it you have no option.

Add new tunnel-group with group name as new peer address, same key etc. Add new peer address to peer settings under edit ipsec rule. Then you should be able to remove the old tunnel group. Hope this helps you, been a while since I did it this way.
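The steps in the accepted answer, written out as ASA CLI. This is an added example and not part of the original posts. The addresses 198.51.100.10 (old peer) and 203.0.113.20 (new peer), the crypto map name outside_map and the sequence number 20 are constructed placeholders; read the real values from the two show commands at the top before changing anything.

```cisco
! Constructed values: 198.51.100.10 = old peer, 203.0.113.20 = new peer,
! outside_map / 20 = crypto map name and sequence number (assumed; confirm below).
show running-config crypto map
show running-config tunnel-group

configure terminal
! 1. New tunnel group named after the new peer address, same type and key as the old one.
!    "show running-config" masks the pre-shared key, so it has to be re-entered
!    from wherever the key is recorded, not copied from the displayed config.
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 ipsec-attributes
 pre-shared-key <same-key-as-old-tunnel-group>
 exit
! 2. Add the new peer to the existing crypto map entry, then remove the old peer,
!    so the entry is never left without a peer.
crypto map outside_map 20 set peer 203.0.113.20
no crypto map outside_map 20 set peer 198.51.100.10
! 3. Remove the old tunnel group so its key no longer authenticates the old address.
clear configure tunnel-group 198.51.100.10
end

! 4. Drop any SAs still held for the old peer, then confirm the tunnel comes up
!    against the new one before saving.
clear crypto ipsec sa peer 198.51.100.10
show crypto isakmp sa
show crypto ipsec sa peer 203.0.113.20
write memory
```

The ACL matched by the crypto map entry, the transform set and the ISAKMP policy are not tied to the peer address and stay as they are.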
