Solved

ASA 5510 VPN Configuration

Posted on 2010-09-16
Last Modified: 2012-05-10
HELP!
I need to change a peer address in my crypto map to point to a new location. When I do this, it wipes out the preshared key. No problem, I just reenter the pre-shared key. That worked a couple of times. Now I am trying to test a backup peer address. I execute the very same command (different IP address - reflecting the new peer) and it gets stuck at this command -
tunnel-group 191.192.216.52 ipsec
                                              '^'
I will get an up arrow (^) underneath 'ipsec' and a message stating Error: % invalid input detected at '^' marker.

If I enter tunnel-group 191.192.210.52 ?

I get Configure mode commands/options
Type Enter the type of this group-policy

I enter IPSEC and back to the same issue

Problem:
SO
I enter this -

no crypto map newmap 50 set peer 195.67.119.143
crypto map newmap 50 set peer 197.67.121.145
tunnel-group 197.67.121.145 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.121.145
crypto map newmap 50 set peer 197.67.131.119
tunnel-group 197.67.131.119 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.131.119
crypto map newmap 50 set peer 191.192.210.52
tunnel-group 191.192.216.52 ipsec
                                              '^'
I can't get past this point to enter a tunnel-group with the name 191.192.216.52 reflecting the new peer address. What am I doing wrong? Of course the original crypto map remains complete and intact.
Note: I changed the IPs a little, for security, in this note.


Question by:GeeMoon
4 Comments
 

Accepted Solution

by:
shirkan earned 250 total points
ID: 33699086
Hi,
You have to do this first:

tunnel-group 191.192.216.52 type ipsec-l2l (to set the tunnel)
#after that you can add the ipsec-attributes to it
tunnel-group 191.192.216.52 ipsec
pre-shared yourkey

Author Comment

by:GeeMoon
ID: 33700279
Thank you...

I tried tunnel-group 191.192.216.52 type ipsec
I tried tunnel-group 191.192.216.52  ipsec-l2l
I did not try tunnel-group 191.192.216.52 type ipsec-l2l
I thought the word 'type' was Cisco's way of saying enter the type of tunnel. When I failed the 1st two times I started down other wrong paths (clearing the tunnel, removing/reentering, etc.) unable to see the obvious. I was on a conference call at 2am - little stressful. I should have stuck it out, not realising I would receive such an efficient timing response. Thank you.

Expert Comment

by:shirkan
ID: 33700298
You're welcome, things like that happen, that's why a pair of fresh eyes usually helps :)

Author Comment

by:GeeMoon
ID: 33850786
I thought I had submitted an acceptance of the solution provided by Shirkan immediately. If it didn't go through, I apologise. I will resubmit. Thanks again for the excellent, to the point, quick response.