Solved

ASA 5510 VPN Configuration

Posted on 2010-09-16
4
1,096 Views
Last Modified: 2012-05-10
HELP!
I need to change a peer address in my cypto map to point to a new location. When I do this, it wipes out the preshared key. No Problem, I just reenter the pre-shared key. That worked a couple of times. Now I am trying to test a backup peer address. I execute the very same command (different IP address - reflecting the new peer) and it gets stuck at this command -
tunnel-group 191.192.216.52 ipsec
                                              '^'
I will get an up arrow (^) underneath 'ipsec' and a message stating Error: % invalid input detected at '^' marker.

If I enter tunnel-group 191.192.210.52 ?

I get Configure mode commands/options
Type Enter the type of this group-policy

I enter IPSEC and back to the same issue

Problem:
SO
I enter this -

no crypto map newmap 50 set peer 195.67.119.143
crypto map newmap 50 set peer 197.67.121.145
tunnel-group 197.67.121.145 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.121.145
crypto map newmap 50 set peer 197.67.131.119
tunnel-group 197.67.131.119 ipsec
Pre-Shared-Key 'password'

The tunnel works

I enter this -
no crypto map newmap 50 set peer 197.67.131.119
crypto map newmap 50 set peer 191.192.210.52
tunnel-group 191.192.216.52 ipsec
                                              '^'
I can't get past this point to enter a tunnel-group with the name 191.192.216.52 reflecting the new peer address. What am I doing wrong. Of course the original crypto map remains complete and intact.
Note: I changed the IP's a little, for security, in this note.


0
Comment
Question by:GeeMoon
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
shirkan earned 250 total points
ID: 33699086
HI,
you have to do this first

tunnel-group 191.192.216.52 type ipsec-l2l (to set the tunnel)
#after that you can add the ipsec-attributes to it
tunnel-group 191.192.216.52 ipsec
pre-shared yourkey
0
 

Author Comment

by:GeeMoon
ID: 33700279
Thank you...

I tried tunnel-group 191.192.216.52 type ipsec
I tried tunnel-group 191.192.216.52  ipsec-l2l
I did not try tunnel-group 191.192.216.52 type ipsec-l2l
I thought the word 'type' was Cisco's way of saying enter the type of tunnel. When I failed the 1st two times I started down other wrong paths (clearing the tunnel, removing/reentering, etc.) unable to see the obvious. I was on a conference call at 2am - little stressful. I should have stuck it out, not realising I would recieve such an efficient timing response. Thank you.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33700298
Your welcome, things like that happen, thats why a pair of fresh eyes usually helps :)
0
 

Author Comment

by:GeeMoon
ID: 33850786
I thought I had submitted a acceptance of the solution provided by Shirkan immediately. If it didn't go through, I appologise. I wil resubmit. Thanks again for the excellant, to the point, quick response.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question