07-21-2009 05:22 AM - edited 03-11-2019 08:57 AM
I have set up a site to site vpn between my corporate 5510 and a new 5510 for a remote office. I set a test public IP on the remote 5510 and used that IP for the peer address on the tunnel.
When I receive the permanent IP from the ISP for the remote 5510 is there a way to change the peer IP on the corporate 5510? So I don't have to recreate it?
07-21-2009 05:29 AM
Simply remove it-
no crypto map map1 20 set peer 192.168.50.100
Then re-enter with the correct IP-
crypto map map1 20 set peer 75.50.95.72
Hope that helps.
07-21-2009 09:26 AM
Hi Collin,
While that seems simple - just curious if that will also reset the related L2L statements needed for the site-to-site?
Will doing this:
no crypto map map1 20 set peer 192.168.50.100
crypto map map1 20 set peer 75.50.95.72
Change these statements?
tunnel-group 192.168.50.100 type ipsec-l2l
tunnel-group 192.168.50.100 ipsec-attributes
pre-shared-key *
Thanks,
Jim
07-21-2009 09:28 AM
Nope. You may get an error saying that the crypto map will be incomplete until you add a peer, but it will not remove the L2L settings.
07-21-2009 09:33 AM
Thanks. When you add in the new peer will it change the L2L statements automatically for you (or automatically create new ones corresponding to the new IPs)?
Hope that makes sense.
Jim
07-21-2009 09:35 AM
I know what you mean and unfortunately it does not. We had some sites that changed frequently and it was pain to maintain.
07-21-2009 09:44 AM
Thank you, Collin. Appreciate all your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide