John

nikunj_ec09 · ‎02-27-2013

Hi,

can you help me to change peer ip address in site to site VPN. How can i remove and add new peer ip address in existing tunnel.

Please give me command that i can use and do it.

thanks,

Jouni Forss · ‎02-27-2013

Hi,

You dont mention if we are talking about an ASA firewall or perhaps even a router.

In general on ASA / PIX firewall side you would probably

Remove the old "tunnel-group" configurations and create new ones with different peer IP address

You would also remove the old "crypto map set peer x.x.x.x" and replace with the new peer IP address.

- Jouni

nikunj_ec09 · ‎02-27-2013

but i made configuration on router

crypto map nikunj123 ipsec-isakmp

set peer 10.260.32.63

set security-association lifetime seconds 28800

set transform-set 3des-sha

set pfs group2

match address patel_brohters

I want to replace that 10.260.32.63 with new 10.260.32.78

can you provide me command?

thanks for reply

nikunj_ec09 · ‎02-27-2013

i think i have go with

no crypto map nikunj123 ipsec-isakmp

than i have to create again

crypto map nikunj123 ipsec-isakmp

set peer 10.260.32.78

set security-association lifetime seconds 28800

set transform-set 3des-sha

set pfs group2

match address patel_brohters

m i right?

Jouni Forss · ‎02-27-2013

Hi,

I guess that might be one option or just removing and replacing the old peer.

There should also be a configuration line that defines the PSK/Pre-Shared-Key for the L2L VPN connection that also includes the old peer IP address.

- Jouni

nikunj_ec09 · ‎02-27-2013

no crypto map nikunj123 ipsec-isakmp

from this command i can remove cyprot map. am i right?