Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Edit site-to-site VPN on ASA 5505

Hello.

I have been given an ASA 5505 from another office that I need to configure for a new office.  How can I just change the peer IP and pre-shared key using the CLI?  Normally I have to delete the whole VPN config and start again, but wondered if there was an easier way?


Thanks

1 REPLY
Super Bronze

Re: Edit site-to-site VPN on ASA 5505

Hi,

I'd imagine you first need to delete the "tunnel-group" configuration and the "crypto map" line for the peer IP address.

After that create the "tunnel-group" configuration again and add the new peer IP address to the "crypto map" configurations.

The "crypto map" configurations you can see with the "show run crypto" command

The "tunnel-group" configurations you can see with the "show run tunnel-group" command

Just use the "no" keyword in front of the command. I think you can delete the "tunnel-group" just by issuing "no tunnel-group x.x.x.x" Not totally sure. Try it out.

tunnel-group x.x.x.x type ipsec-l2l

tunnel-group x.x.x.x ipsec-attributes

pre-shared-key blaablaablaa

crypto map set peer x.x.x.x

Need to change atleast those. Then again there might be some "group-policy" attributes that you have to add again to the new tunnel-group etc (if you had them on the previous connection)

- Jouni

735
Views
0
Helpful
1
Replies
CreatePlease to create content