
Changing endpoint IP for L2L VPN - ASA 5510

Need to change an endpoint IP for an existing site-to-site VPN. I was wondering if it is as simple as it sounds, going through the CLI or ASDM and swapping out the existing IP with the new one, or if there is more heavy lifting involved. Sanitized config below.

crypto map 10MB_map 80 set peer (peer IP address)
crypto map 10MB_map 80 set transform-set ESP-3DES-MD5
crypto map 10MB_map 80 set security-association lifetime seconds 28800
crypto map 10MB_map 80 set security-association lifetime kilobytes 4608000
tunnel-group (peer IP address) type ipsec-l2l
tunnel-group (peer IP address) ipsec-attributes
 pre-shared-key *

If anyone has the CLI syntax that is best for testing and diagnostics on the new tunnel after IP change that would be appreciated also.


1 Solution
Pete Long (Consultant) commented:
You have already narrowed in on what needs to change :)
I wrote an article a while back on how to do this...

Cisco ASA - Changing VPN IP Addresses
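
An added example, not part of the original thread or the linked article: one way to make the change from the ASA CLI against the sanitized config in the question, followed by the checks asked about. OLD_PEER_IP, NEW_PEER_IP and <pre-shared-key> are placeholders, and the far end is assumed to already expect the same pre-shared key and transform set.

```cisco
! Placeholders (assumptions): OLD_PEER_IP, NEW_PEER_IP, <pre-shared-key>
configure terminal

! A tunnel-group cannot be renamed, so build one keyed on the new peer address.
tunnel-group NEW_PEER_IP type ipsec-l2l
tunnel-group NEW_PEER_IP ipsec-attributes
 pre-shared-key <pre-shared-key>
 exit

! Swap the peer on the existing crypto map entry. The transform set and
! SA lifetimes already set on sequence 80 are left untouched.
no crypto map 10MB_map 80 set peer OLD_PEER_IP
crypto map 10MB_map 80 set peer NEW_PEER_IP

! Remove the tunnel-group that was keyed on the old address.
clear configure tunnel-group OLD_PEER_IP
end

! Drop any SAs still held for the old peer.
clear crypto ipsec sa peer OLD_PEER_IP

! Confirm the configuration now references only the new peer.
show running-config crypto map | include 10MB_map 80
show running-config tunnel-group NEW_PEER_IP

! Send interesting traffic across the tunnel, then check both phases.
! Phase 1: look for the new peer in state MM_ACTIVE.
show crypto isakmp sa
! Phase 2: encaps/decaps counters should both increase.
show crypto ipsec sa peer NEW_PEER_IP

! If the tunnel does not come up, watch the negotiation live.
! (On ASA 8.4 and later the IKEv1 form is "debug crypto ikev1 127".)
debug crypto isakmp 127
debug crypto ipsec 127
undebug all

! Save once the tunnel is confirmed working.
write memory
```

The `pre-shared-key *` line in the running config is masked, so the key has to be re-entered from your records when the new tunnel-group is created.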

