Solved

ASA 5510 VPN Configuration

Posted on 2010-09-16
Last Modified: 2012-05-10
HELP!
I need to change a peer address in my crypto map to point to a new location. When I do this, it wipes out the preshared key. No problem, I just reenter the pre-shared key. That worked a couple of times. Now I am trying to test a backup peer address. I execute the very same command (different IP address - reflecting the new peer) and it gets stuck at this command -
tunnel-group 191.192.216.52 ipsec
                                              '^'
I will get an up arrow (^) underneath 'ipsec' and a message stating Error: % invalid input detected at '^' marker.

If I enter tunnel-group 191.192.210.52 ?

I get Configure mode commands/options
Type Enter the type of this group-policy

I enter IPSEC and back to the same issue

Problem:
SO
I enter this -

no crypto map newmap 50 set peer 195.67.119.143
crypto map newmap 50 set peer 197.67.121.145
tunnel-group 197.67.121.145 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.121.145
crypto map newmap 50 set peer 197.67.131.119
tunnel-group 197.67.131.119 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.131.119
crypto map newmap 50 set peer 191.192.210.52
tunnel-group 191.192.216.52 ipsec
                                              '^'
I can't get past this point to enter a tunnel-group with the name 191.192.216.52 reflecting the new peer address. What am I doing wrong? Of course the original crypto map remains complete and intact.
Note: I changed the IPs a little, for security, in this note.


Question by:GeeMoon
4 Comments
 
LVL 5

Accepted Solution

by:
shirkan earned 250 total points
ID: 33699086
Hi,
you have to do this first (to set the tunnel):

tunnel-group 191.192.216.52 type ipsec-l2l

After that you can add the ipsec-attributes to it:

tunnel-group 191.192.216.52 ipsec-attributes
 pre-shared-key yourkey
0
 

Author Comment

by:GeeMoon
ID: 33700279
Thank you...

I tried tunnel-group 191.192.216.52 type ipsec
I tried tunnel-group 191.192.216.52  ipsec-l2l
I did not try tunnel-group 191.192.216.52 type ipsec-l2l
I thought the word 'type' was Cisco's way of saying enter the type of tunnel. When I failed the 1st two times I started down other wrong paths (clearing the tunnel, removing/reentering, etc.) unable to see the obvious. I was on a conference call at 2am - little stressful. I should have stuck it out, not realising I would receive such an efficient timing response. Thank you.
 
LVL 5

Expert Comment

by:shirkan
ID: 33700298
You're welcome, things like that happen, that's why a pair of fresh eyes usually helps :)
 

Author Comment

by:GeeMoon
ID: 33850786
I thought I had submitted an acceptance of the solution provided by Shirkan immediately. If it didn't go through, I apologise. I will resubmit. Thanks again for the excellent, to the point, quick response.