Changing endpoint IP for L2L VPN - ASA 5510
Posted on 2012-09-14
Need to change an endpoint IP for an existing site-to-site VPN. Was wondering if it is as simple as it sounds, going through the CLI or ASDM and swapping out the existing IP with the new one, or if there is more heavy lifting involved. Sanitized config below.
crypto map 10MB_map 80 set peer (peer IP address)
crypto map 10MB_map 80 set transform-set ESP-3DES-MD5
crypto map 10MB_map 80 set security-association lifetime seconds 28800
crypto map 10MB_map 80 set security-association lifetime kilobytes 4608000
tunnel-group (peer IP address) type ipsec-l2l
tunnel-group (peer IP address) ipsec-attributes
If anyone has the CLI syntax that is best for testing and diagnostics on the new tunnel after the IP change, that would be appreciated also.