Change Cisco Ipsec VPN Peer IP Address

Posted on 2011-05-07
Last Modified: 2012-08-13
Hello,

I have an IPsec VPN between our head office and a remote site and I have recently changed the ISP for the remote site which in turn has meant a new external IP Address.

I have created the IPsec config on the remote site's router to connect to head office but I now need to modify the head office router with the new external IP Address of the remote site.

Current Head office config:

!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 11keygoeshere11 address 202.147.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to Remote Site
 set peer 202.147.x.x
 set transform-set ESP-3DES-SHA
 match address 199
!

Desired config:

!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 11keygoeshere11 address 220.203.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to Remote Site
 set peer 220.203.x.x
 set transform-set ESP-3DES-SHA
 match address 199
!

Is it possible to just change the peer address or will the tunnel need to be deleted and recreated from scratch?

Cheers
Question by:Vardsy

Accepted Solution

by:
itubaf earned 500 total points
ID: 35714521
You just need to change the public IP address on both routers/firewalls and restart your devices.

Assisted Solution

by:Svet Paperov
Svet Paperov earned 1000 total points
ID: 35715258
The config file is a simple text file that can be modified with Notepad. You can simply download it on a PC, change all addresses, upload it, and apply it to the router/firewall. Finally, restart both devices and you will be good. This is the easiest way.

Author Comment

by:Vardsy
ID: 35716718
How do you upload the text file to the router?
I have only used CLI in the past to make any changes?

Thanks

Author Comment

by:Vardsy
ID: 35716721
Sorry, I should add that I do not have any kind of web interface or management tools installed for these devices.
Just telnet and CLI.

Thanks again

Assisted Solution

by:Svet Paperov
Svet Paperov earned 1000 total points
ID: 35716778
You can use TFTP. You can download a free TFTP server and install it on a Windows PC. My favorite is Solarwinds TFTP http://www.solarwinds.com/products/freetools/free_tftp_server.aspx

Best way:
1. copy startup-configuration to the flash as a new file
2. copy that file to a PC using tftp
3. edit the file
4. copy back to the router as a new file in the flash
5. copy from that file to startup-configuration
6. restart the router

Assisted Solution

by:pgolding00
pgolding00 earned 500 total points
ID: 35717204
it will be quicker to use the cli. just telnet/ssh in and enter the following:

crypto isakmp key 11keygoeshere11 address 220.203.x.x
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 220.203.x.x

then control-Z, "write mem" and it's done. you don't have to reload anything for this change to become active, just generate some traffic that will go through the tunnel.

in case the tunnel is already up to the old site, enter
clear cry isa sa
clear cry ips sa
then generate traffic to go through the tunnel. you can verify that the new tunnel config is working from
show cry isa sa
show cry ips sa
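
Added example (not part of any answer in this thread): in IOS, entering `set peer` or `crypto isakmp key ... address` for a new address adds an entry and leaves the old one in place, so repointing a tunnel also means removing the old peer and key lines. The Python sketch below builds that command set from a saved config and lists leftover references after a hand edit; the RFC 5737 documentation addresses stand in for the masked 202.147.x.x and 220.203.x.x, and the function names are illustrative.

```python
import re

# Constructed sample: the head-office config from the question, with a
# documentation address (RFC 5737) in place of the masked old peer.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 11keygoeshere11 address 198.51.100.10
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to Remote Site
 set peer 198.51.100.10
 set transform-set ESP-3DES-SHA
 match address 199
!
"""

KEY_RE = re.compile(r"^crypto isakmp key (\S+) address (\S+)")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
PEER_RE = re.compile(r"^\s+set peer (\S+)")


def peer_change_commands(config, old_peer, new_peer):
    """Config-mode commands that move every key/peer reference to new_peer."""
    commands, current_map = [], None
    for line in config.splitlines():
        key, header, peer = KEY_RE.match(line), MAP_RE.match(line), PEER_RE.match(line)
        if key and key.group(2) == old_peer:
            # Bind the key to the new address, then drop the old binding.
            commands.append(f"crypto isakmp key {key.group(1)} address {new_peer}")
            commands.append(f"no crypto isakmp key {key.group(1)} address {old_peer}")
        elif header:
            current_map = line.strip()      # remember which map entry we are in
        elif not line.startswith(" "):
            current_map = None              # any other top-level line ends the entry
        elif peer and current_map and peer.group(1) == old_peer:
            # Add the new peer before removing the old one so the entry is never empty.
            commands += [current_map, f" set peer {new_peer}", f" no set peer {old_peer}"]
    return commands


def stale_references(config, old_peer):
    """Lines that still name old_peer, e.g. after editing the file by hand."""
    return [ln.strip() for ln in config.splitlines() if old_peer in ln.split()]
```

Running `stale_references` against the edited file before copying it back to the router catches an address that was changed in one place but not the other.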

Expert Comment

by:pgolding00
ID: 36000861
I believe all the expert comments for this question are accurate and correct.

Expert Comment

by:Qlemo
ID: 36110334
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.