Cisco Support Community
New Member

L2L VPN migration question

We have a few sites that all VPN to one ASA. That ASA is getting a new IP address. Can I configure a new crypto map with a high sequence number with the same interesting traffic?

 

Will the ASA try that one if it cannot reach the old IP?

4 REPLIES
Cisco Employee

In crypto map VPN you must not introduce overlap, but you can add multiple peers to the same crypto map entry. Or use a dynamic entry without any peer IP.

New Member

Ah ok, with multiple peers does it try the next one if the first isn't available? How does it sequence?

 

I would need a tunnel-group for the new IP also correct?

Cisco Employee

Yes, a tunnel group is needed with the same pre-shared key. Apart from this, in the crypto map, you can define it like this:

 

crypto map <crypto_name> <seq> set peer <ip1> <ip2>

 

Vishnu
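
The configuration the two replies above describe, written out for a remote-site ASA as an added example (not posted by anyone in this thread). It assumes IKEv1 with a pre-shared key and ASA 8.4+ syntax; the addresses (192.0.2.10 for the hub's current IP, 198.51.100.10 for its new one), object names, subnets and key are placeholders.

```cisco
! Added example, remote-site ASA. All names, subnets and addresses are
! placeholders: 192.0.2.10 = hub ASA's current IP, 198.51.100.10 = its new IP.

! Interesting traffic: defined once, referenced by one crypto map entry only
access-list L2L_TO_HUB extended permit ip 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0

crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! One tunnel group per peer address, both carrying the same pre-shared key
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 ikev1 pre-shared-key <shared-key>
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <shared-key>

! A single entry lists both peers. A second entry (for example at a higher
! sequence number) matching the same ACL would be the overlap to avoid.
crypto map OUTSIDE_MAP 10 match address L2L_TO_HUB
crypto map OUTSIDE_MAP 10 set peer 192.0.2.10 198.51.100.10
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
```

After the change, `show crypto ikev1 sa` on the remote site shows which of the two peer addresses the tunnel is currently established with.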

New Member

And this will try the second IP if the first one is unavailable?
