Using these steps you are trying to minimize downtime. The beauty is that you keep the OLD IP up and running while you have the NEW IP configured. You can pretty much prep the NEW IP ahead of time and then during a change control time, swing the traffic over.
OLD IP: 184.108.40.206
NEW IP: 220.127.116.11
=====Gather Info Commands: sh running-config tunnel-group (ASA – Get Tunnel Group Config) sh running-config crypto map (ASA – Get Crypto Map Config(ONLY the line with the PEER IP Info)) more system:running-config | i ipsec-attributes|pre-shared-key (ASA – Get the PSK for your PEER) sh run | inc 18.104.22.168 (ASA/7K – Get the route(s) that are on the 7K) sh isakmp sa | inc 22.214.171.124 (ASA – Verify tunnel is up)
1. Get the PSK for the OLD IP (if you’re keeping the old PSK):
more system:running-config | i ipsec-attributes|pre-shared-key
2. Configure and copy NEW Tunnel Group with the PSK you got from #1: