Vardsy
asked on
Change Cisco Ipsec VPN Peer IP Address
Hello,
I have an IPsec VPN between our head office and a remote site and I have recently changed the ISP for the remote site which in turn has meant a new external IP Address.
I have created the IPsec config on the remote site's router to connect to head office but I now need to modify the head office router with the new external IP Address of the remote site.
Current Head office config:
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 11keygoeshere11 address 202.147.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Remote Site
set peer 202.147.x.x
set transform-set ESP-3DES-SHA
match address 199
!
Desired config:
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 11keygoeshere11 address 220.203.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Remote Site
set peer 220.203.x.x
set transform-set ESP-3DES-SHA
match address 199
!
Is it possible to just change the peer address or will the tunnel need to be deleted and recreated from scratch?
Cheers
I have an IPsec VPN between our head office and a remote site and I have recently changed the ISP for the remote site which in turn has meant a new external IP Address.
I have created the IPsec config on the remote site's router to connect to head office but I now need to modify the head office router with the new external IP Address of the remote site.
Current Head office config:
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 11keygoeshere11 address 202.147.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Remote Site
set peer 202.147.x.x
set transform-set ESP-3DES-SHA
match address 199
!
Desired config:
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 11keygoeshere11 address 220.203.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Remote Site
set peer 220.203.x.x
set transform-set ESP-3DES-SHA
match address 199
!
Is it possible to just change the peer address or will the tunnel need to be deleted and recreated from scratch?
Cheers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry I should add that I do not have any kind of wen interface or management tools installed for these devices.
Just telnet and CLI
Thanks again
Just telnet and CLI
Thanks again
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i belkieve all the expert comments for this question are accurate and correct.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER
I have only used CLI in the past to make any changes?
Thanks