Solved

ASA 5510 VPN Configuration

Posted on 2010-09-16
4
1,088 Views
Last Modified: 2012-05-10
HELP!
I need to change a peer address in my cypto map to point to a new location. When I do this, it wipes out the preshared key. No Problem, I just reenter the pre-shared key. That worked a couple of times. Now I am trying to test a backup peer address. I execute the very same command (different IP address - reflecting the new peer) and it gets stuck at this command -
tunnel-group 191.192.216.52 ipsec
                                              '^'
I will get an up arrow (^) underneath 'ipsec' and a message stating Error: % invalid input detected at '^' marker.

If I enter tunnel-group 191.192.210.52 ?

I get Configure mode commands/options
Type Enter the type of this group-policy

I enter IPSEC and back to the same issue

Problem:
SO
I enter this -

no crypto map newmap 50 set peer 195.67.119.143
crypto map newmap 50 set peer 197.67.121.145
tunnel-group 197.67.121.145 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.121.145
crypto map newmap 50 set peer 197.67.131.119
tunnel-group 197.67.131.119 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.131.119
crypto map newmap 50 set peer 191.192.210.52
tunnel-group 191.192.216.52 ipsec
                                              '^'
I can't get past this point to enter a tunnel-group with the name 191.192.216.52 reflecting the new peer address. What am I doing wrong. Of course the original crypto map remains complete and intact.
Note: I changed the IP's a little, for security, in this note.


0
Comment
Question by:GeeMoon
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
shirkan earned 250 total points
ID: 33699086
HI,
you have to do this first

tunnel-group 191.192.216.52 type ipsec-l2l (to set the tunnel)
#after that you can add the ipsec-attributes to it
tunnel-group 191.192.216.52 ipsec
pre-shared yourkey
0
 

Author Comment

by:GeeMoon
ID: 33700279
Thank you...

I tried tunnel-group 191.192.216.52 type ipsec
I tried tunnel-group 191.192.216.52  ipsec-l2l
I did not try tunnel-group 191.192.216.52 type ipsec-l2l
I thought the word 'type' was Cisco's way of saying enter the type of tunnel. When I failed the 1st two times I started down other wrong paths (clearing the tunnel, removing/reentering, etc.) unable to see the obvious. I was on a conference call at 2am - little stressful. I should have stuck it out, not realising I would recieve such an efficient timing response. Thank you.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33700298
Your welcome, things like that happen, thats why a pair of fresh eyes usually helps :)
0
 

Author Comment

by:GeeMoon
ID: 33850786
I thought I had submitted a acceptance of the solution provided by Shirkan immediately. If it didn't go through, I appologise. I wil resubmit. Thanks again for the excellant, to the point, quick response.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question