I have a 7204VXR router at a remote site. We were running a vpn tunnel between the sites and removed the tunnel after we installed a checkpoint firewall. Now, we're tunneling via the firewall. The firewall sits between the router and the switch.
In the process of the switch, changed the ethernet IP of the router and assigned a new IP to the fast ethernet interface. The old IP has been reassigned to the Internal interface on the firewall. The router connects to the firewall via it's external interface. These two are on the same network.
The trouble is that we aren't able to ssh into the router nor gather any snmp data. We can ping the serial interface and the external interface on the firewall, but can't get a response from the ethernet interface itself.
The only other changes we made when we killed the old vpn tunnel was:
Removed the following lines:
Crypto isakmp policy XX
encr 3des
authentication pre-share
Crypto isakmp key XXXXXX address XXX.XXX.XX.13
!
Crypto ipsec transform-set XXXXX esp-3des esp-sha-hmac
!
crypto map KCM XX ipsec-isakmp
set peer XXX.XXX.XX.13
set transform-set XXXXXXX
match address XXX
Also, on the serial pt-to-pt int, we got rid of:
crypto map XXX
And, finally, we removed the extended ip access-list.
Any clues? I'm wondering if I need to redo the crypto for ssh?
One last thing...I can ping the interface from home with no problems. Makes me wonder if it's being blocked by the firewall here at the main bldg. I don't see any blocks, however.