Solved

Editing Crypto Map setting on PIX

Posted on 2009-04-03
4
1,174 Views
Last Modified: 2012-05-06
I have a PIX firewall at the office. One of our remote users has a Cisco 2600 router at his house. We have a IPSEC tunnel between the two. The home user has a dynamic IP address and from time to time it changes.
What I need to know are the commands for editing/updating the settings to reflect his new IP address. This is what it currently looks like:

crypto map VPN 22 match address 101
crypto map VPN 22 set peer 69.181.XX.XX
crypto map VPN 22 set transform-set VPN
crypto map VPN 22 set security-association lifetime seconds 28800

I have limited experience with the PIX but I can navigate around without blowing it up.

Any help is appreciated
0
Comment
Question by:Stanley
  • 2
4 Comments
 
LVL 6

Expert Comment

by:cosmicfox
ID: 24063029
what you need to do is change the vpn peer. the map will stay the same. what you should look into is some type of easy vpn which is good for a remote dynamic ip.
0
 

Author Comment

by:Stanley
ID: 24063431
I want my boss to get a static IP for his home but until then I need to edit the peer setting. I tried the following

sf-firewall(config)# crypto map VPN 21 set peer 98.210.157.XXX
ERROR: Multiple Peers can be specified only with originate-only connections
sf-firewall(config)#

So I'm guessing I need to either  remove the original peer address and create a new one or edit the existing peer. I'd prefer to edit the existing one.
0
 
LVL 6

Expert Comment

by:cosmicfox
ID: 24063877
yes you are correct.
0
 
LVL 9

Accepted Solution

by:
Donboo earned 250 total points
ID: 24063885
Remove the peer first before adding an new peer.

no crypto map VPN 22 set peer 69.181.XX.XX
then add the new peer
crypto map VPN 22 set peer 98.210.157.XXX

Disregard my numbering, its just for the example.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question