If you or your client is moving from one ISP to another, here’s a four step process on how to change the IP Address for the tunnel. It’s actually four steps on each side of the tunnel.
SITE A (Site that IS changing ISPs):
1. First find all configurations using the OLD IP Segment:
sh run | inc 191.70.100.
2. Using notepad, remove all the configurations with the old IP Addresses/Segment. This will include Statics NATs, ACLs, Names, etc… and change it to the new IP Addresses/Segment.
3. Change the IP Address on the WAN interface.
4. Change the Default Gateway.
Now go over to SITE B’s ASA.
SITE B (Site that is NOT changing ISPs):
1. Add the new peer:
crypto map vpnmap 60 set peer 88.100.200.66
2. Remove the old one:
no crypto map vpnmap 60 set peer 191.70.100.22
3. Create the tunnel-group with the pre-shared key:
tunnel-group 88.100.200.66 type ipsec-l2l tunnel-group 88.100.200.66 ipsec-attributes pre-shared-key c1scoK3y
4. Remove the old tunnel-group:
clear configure tunnel-group 191.70.100.22
That’s it. The tunnel should go up when you send some packets through the tunnel.