Using these steps you are trying to minimize downtime. The beauty is that you keep the OLD IP up and running while you have the NEW IP configured. You can pretty much prep the NEW IP ahead of time and then during a change control time, swing the traffic over.
OLD IP: 220.127.116.11
NEW IP: 18.104.22.168
=====Gather Info Commands: sh running-config tunnel-group (ASA – Get Tunnel Group Config) sh running-config crypto map (ASA – Get Crypto Map Config(ONLY the line with the PEER IP Info)) more system:running-config | i ipsec-attributes|pre-shared-key (ASA – Get the PSK for your PEER) sh run | inc 22.214.171.124 (ASA/7K – Get the route(s) that are on the 7K) sh isakmp sa | inc 126.96.36.199 (ASA – Verify tunnel is up)
1. Get the PSK for the OLD IP (if you’re keeping the old PSK):
more system:running-config | i ipsec-attributes|pre-shared-key
2. Configure and copy NEW Tunnel Group with the PSK you got from #1: