Easy change of a Cisco ASA VPN site-2-site tunnel IP address.

A few times I have had to change site-2-site VPN tunnels on Cisco ASAs, and at first my colleague said I had to remove the whole VPN configuration and rebuild it. However, during my testing I found a way that did not require removing the whole configuration of the site-2-site… Below I describe what I do to change the IP address of a Cisco site-2-site tunnel in a live situation when the other site gets a new IP address.

First, look up the current configuration, which will look like this:

crypto map OUTSIDE_map 1 set peer <current IP>
tunnel-group <current IP> type ipsec-l2l
tunnel-group <current IP> ipsec-attributes
 pre-shared-key <current KEY>

Second, create the same configuration with the new IP address of the location:

crypto map OUTSIDE_map 1 set peer <new IP>
tunnel-group <new IP> type ipsec-l2l
tunnel-group <new IP> ipsec-attributes
 pre-shared-key <same KEY>

You will then see a line like the one below in show running-config:

crypto map OUTSIDE_map 1 set peer <current IP> <new IP>

The next thing you need to do is remove the old IP settings on the ASA, using the following commands.

Then type:
no crypto map OUTSIDE_map 1 set peer <current IP>
no tunnel-group <current IP> type ipsec-l2l
no tunnel-group <current IP> ipsec-attributes

The Cisco ASA may respond by telling you to use the clear command. If you use that command, the configuration of the tunnel-group will be removed as well.

If you run show running-config, you will see that the old configuration is removed and the new one is configured. Then check in ASDM whether your VPN tunnel is back online; it should be working like before.
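A check that can be run over saved show running-config output to confirm that the old peer is fully gone and the new peer is complete. This is an added example, not part of the original post. The function name audit_peer_change, the sample addresses and the masked key are constructed for illustration.

```python
import re

REQUIRED = ("type ipsec-l2l", "ipsec-attributes", "pre-shared-key")

def audit_peer_change(running_config, old_ip, new_ip):
    """Return findings for an unfinished peer change; an empty list means clean."""
    peers = {}      # "map-name seq" -> peer IPs on its "set peer" line
    groups = {}     # tunnel-group name -> parts of its configuration seen
    current = None  # tunnel-group whose ipsec-attributes sub-mode we are inside
    for line in running_config.splitlines():
        if line.startswith(" "):  # indented line = sub-mode command
            if current and "pre-shared-key" in line:
                groups[current].add("pre-shared-key")
            continue
        current = None
        m = re.match(r"crypto map (\S+ \d+) set peer (.+)", line)
        if m:
            peers[m.group(1)] = m.group(2).split()
            continue
        m = re.match(r"tunnel-group (\S+) (type ipsec-l2l|ipsec-attributes)\s*$", line)
        if m:
            groups.setdefault(m.group(1), set()).add(m.group(2))
            if m.group(2) == "ipsec-attributes":
                current = m.group(1)
    findings = [f"crypto map {entry} still lists old peer {old_ip}"
                for entry, ips in peers.items() if old_ip in ips]
    if not any(new_ip in ips for ips in peers.values()):
        findings.append(f"no crypto map entry lists new peer {new_ip}")
    if old_ip in groups:
        findings.append(f"tunnel-group {old_ip} is still configured")
    findings += [f"tunnel-group {new_ip} is missing: {part}"
                 for part in REQUIRED if part not in groups.get(new_ip, set())]
    return findings

# Constructed sample (documentation addresses): the state after the second
# step, before the old peer is removed. The key is a masked placeholder.
MID_CHANGE = """\
crypto map OUTSIDE_map 1 set peer 192.0.2.10 198.51.100.20
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key *****
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
 pre-shared-key *****
"""

if __name__ == "__main__":
    for finding in audit_peer_change(MID_CHANGE, "192.0.2.10", "198.51.100.20"):
        print(finding)
```

An empty result means the crypto map lists only the new peer, no tunnel-group for the old address remains, and the new tunnel-group has its type, ipsec-attributes and pre-shared-key.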

6 thoughts on “Easy change of a Cisco ASA VPN site-2-site tunnel IP address.”

  1. Just a suggestion, we can also type “clear configure tunnel-group ” instead of the two lines “no tunnel-group…”
