Solved

ASA 5510 VPN Configuration

Posted on 2010-09-16
4
1,082 Views
Last Modified: 2012-05-10
HELP!
I need to change a peer address in my cypto map to point to a new location. When I do this, it wipes out the preshared key. No Problem, I just reenter the pre-shared key. That worked a couple of times. Now I am trying to test a backup peer address. I execute the very same command (different IP address - reflecting the new peer) and it gets stuck at this command -
tunnel-group 191.192.216.52 ipsec
                                              '^'
I will get an up arrow (^) underneath 'ipsec' and a message stating Error: % invalid input detected at '^' marker.

If I enter tunnel-group 191.192.210.52 ?

I get Configure mode commands/options
Type Enter the type of this group-policy

I enter IPSEC and back to the same issue

Problem:
SO
I enter this -

no crypto map newmap 50 set peer 195.67.119.143
crypto map newmap 50 set peer 197.67.121.145
tunnel-group 197.67.121.145 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.121.145
crypto map newmap 50 set peer 197.67.131.119
tunnel-group 197.67.131.119 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.131.119
crypto map newmap 50 set peer 191.192.210.52
tunnel-group 191.192.216.52 ipsec
                                              '^'
I can't get past this point to enter a tunnel-group with the name 191.192.216.52 reflecting the new peer address. What am I doing wrong. Of course the original crypto map remains complete and intact.
Note: I changed the IP's a little, for security, in this note.


0
Comment
Question by:GeeMoon
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
shirkan earned 250 total points
ID: 33699086
HI,
you have to do this first

tunnel-group 191.192.216.52 type ipsec-l2l (to set the tunnel)
#after that you can add the ipsec-attributes to it
tunnel-group 191.192.216.52 ipsec
pre-shared yourkey
0
 

Author Comment

by:GeeMoon
ID: 33700279
Thank you...

I tried tunnel-group 191.192.216.52 type ipsec
I tried tunnel-group 191.192.216.52  ipsec-l2l
I did not try tunnel-group 191.192.216.52 type ipsec-l2l
I thought the word 'type' was Cisco's way of saying enter the type of tunnel. When I failed the 1st two times I started down other wrong paths (clearing the tunnel, removing/reentering, etc.) unable to see the obvious. I was on a conference call at 2am - little stressful. I should have stuck it out, not realising I would recieve such an efficient timing response. Thank you.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33700298
Your welcome, things like that happen, thats why a pair of fresh eyes usually helps :)
0
 

Author Comment

by:GeeMoon
ID: 33850786
I thought I had submitted a acceptance of the solution provided by Shirkan immediately. If it didn't go through, I appologise. I wil resubmit. Thanks again for the excellant, to the point, quick response.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASE reports it as spam 2 125
Random Terminal Server disconnections. 2 101
Cisco Switch Port Security 2 38
Port Forwarding on Cisco 881 14 44
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now