• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1202
  • Last Modified:

Editing Crypto Map setting on PIX

I have a PIX firewall at the office. One of our remote users has a Cisco 2600 router at his house. We have a IPSEC tunnel between the two. The home user has a dynamic IP address and from time to time it changes.
What I need to know are the commands for editing/updating the settings to reflect his new IP address. This is what it currently looks like:

crypto map VPN 22 match address 101
crypto map VPN 22 set peer 69.181.XX.XX
crypto map VPN 22 set transform-set VPN
crypto map VPN 22 set security-association lifetime seconds 28800

I have limited experience with the PIX but I can navigate around without blowing it up.

Any help is appreciated
0
Stanley
Asked:
Stanley
  • 2
1 Solution
 
cosmicfoxCommented:
what you need to do is change the vpn peer. the map will stay the same. what you should look into is some type of easy vpn which is good for a remote dynamic ip.
0
 
StanleyManager Systems and TechnologyAuthor Commented:
I want my boss to get a static IP for his home but until then I need to edit the peer setting. I tried the following

sf-firewall(config)# crypto map VPN 21 set peer 98.210.157.XXX
ERROR: Multiple Peers can be specified only with originate-only connections
sf-firewall(config)#

So I'm guessing I need to either  remove the original peer address and create a new one or edit the existing peer. I'd prefer to edit the existing one.
0
 
cosmicfoxCommented:
yes you are correct.
0
 
DonbooCommented:
Remove the peer first before adding an new peer.

no crypto map VPN 22 set peer 69.181.XX.XX
then add the new peer
crypto map VPN 22 set peer 98.210.157.XXX

Disregard my numbering, its just for the example.
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now