Changing VPN endpoint IP on the Cisco asa5505
November 14th, 2007 by Anthony Curreri
There’s probably a ‘proper’ way to change the IP address of your Cisco asa5505 endpoints.
I have no idea what it is. Why does Cisco make routine maintenance tasks difficult? Oh well.
Here’s the way I do it, which I think is really straightforward and easy. It’s basically these steps:
- Download the complete configuration text file from the asa5505
- Do a find and replace on the VPN endpoint’s IP address
- Upload the new configuration and restart the asa5505
Easy, right! Here are the detailed steps:
- Put your computer behind the firewall.
- Start a TFTP server. If you are running Windows, you can download and install a Cisco TFTP Server very easily. There are Linux servers for this too.
- Connect to the console. I like using the blue console cable. If you need to know how to do this, check out the first couple steps here.
- Type ‘ena’ to enter enable mode. You may need to enter your enable password.
- Type ‘copy running-config tftp:’ to start the transfer. The asa 5505 will ask you a few questions, like what is the IP of the TFTP server? Conveniently, this is at the top of the TFTP server window. The entire exchange should look like this:
ciscoasa(config)# copy running-config tftp:
Source filename [running-config]?
Address or name of remote host []? 192.168.3.66
Destination filename [running-config]?
Cryptochecksum: 3e2fdd1f ba8792a1 11a9e4e7 f89d46dd
!!
4165 bytes copied in 1.290 secs (4165 bytes/sec)
- The Cisco TFTP Server saves the uploaded file here by default: ‘C:\Program Files\Cisco Systems\Cisco TFTP Server’
- Open that file and replace all of the old IPs for the VPN server with the new IP address. In my file there were three instances.
- Make sure your TFTP server is still running, and enter ‘copy tftp: startup-config’, then answer the prompts. If you try to replace the running config you’ll probably get errors. For example:
ciscoasa# copy tftp: startup-config
Address or name of remote host [192.168.3.66]?
Source filename [running-config]?
Accessing tftp://192.168.3.66/running-config…!!
Writing system file…
!!
4165 bytes copied in 0.380 secs
ciscoasa#
- That’s it, now you just need to reboot the device without saving the running-config! Type ‘reload’.
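The find-and-replace step can be scripted so that only whole-address matches are changed, every edited line is listed for review before the upload, and any `pre-shared-key` line whose value appears masked with asterisks is flagged for checking. This is an added example, not code from the original post; the sample configuration, its addresses and the function name `replace_peer` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a saved ASA config (not from the original post).
SAMPLE_CONFIG = """\
access-list vpn_acl extended permit ip 192.168.3.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside_in extended permit tcp host 203.0.113.100 any eq 22
crypto map outside_map 1 match address vpn_acl
crypto map outside_map 1 set peer 203.0.113.10
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key *
"""


def replace_peer(config_text, old_ip, new_ip):
    """Return (new_text, changed, masked_keys).

    changed     -- list of (line_number, before, after) for every edited line
    masked_keys -- line numbers where the pre-shared key is shown as '*'
    """
    # Reject typos in either address before touching the config.
    ipaddress.IPv4Address(old_ip)
    ipaddress.IPv4Address(new_ip)
    # Match the address only as a whole token, so 203.0.113.10 does not
    # also hit 203.0.113.100 or 1203.0.113.10.
    pattern = re.compile(r"(?<![\d.])" + re.escape(old_ip) + r"(?![\d.])")
    out, changed, masked = [], [], []
    for num, line in enumerate(config_text.splitlines(), start=1):
        new_line = pattern.sub(new_ip, line)
        if new_line != line:
            changed.append((num, line, new_line))
        if re.match(r"\s*pre-shared-key\s+\*+\s*$", line):
            masked.append(num)
        out.append(new_line)
    return "\n".join(out) + "\n", changed, masked


if __name__ == "__main__":
    text, changed, masked = replace_peer(SAMPLE_CONFIG, "203.0.113.10", "198.51.100.20")
    for num, before, after in changed:
        print(f"line {num}: {before.strip()} -> {after.strip()}")
    print(f"{len(changed)} line(s) changed; masked key lines: {masked}")
```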
