cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
688
Views
5
Helpful
3
Replies

moving vpn to new interface

dfbnws
Level 1
Level 1

hi

i have a vpn on a router interface, which has a crypto map applied

i am building another link to the peer device and configuring the interface with new IPs

question is, can i place the same crypto under the new interface?

my understanding is that this should not impact anything, as there will be no routing happing to that interface until i switch the traffic from peer device

1 Accepted Solution

Accepted Solutions

Hi,
If you aren't changing the Crypto Map configuration then you can apply this to another interface, nothing will happen until traffic is routed out that interface.

View solution in original post

3 Replies 3

Hi,
Yes you could use the same Crypto Map, but it's trivial to define a new Crypto Map it's up to you. If you define a new Crypto Map/ACL and don't change the existing VPN configuration, you will have the ability to back out of the change if it doesn't work as expected.

Depending on what has changed you will obviously need to ensure the interesting traffic ACL and the peer IP address is correct.

On the remote router you will obviously need to point to the new IP address.

HTH

thanks for the reply

i think i didnt explain completely.

theres no change to the crypto map, the ACLs remain the same

I just have to apply it to a new interface that i created between the inside device that will forward all traffic and the router which is encrypting all traffic. once encrypted, traffic goes out the vpn device through the same interface, but since dst IP has changed, its routed differently, to the outside network, and eventually to the not-changed IPSEC peer...

I guess my question is, theres not going to be any impact during the pre-work, as i apply the same crypto map to the new interface?

Hi,
If you aren't changing the Crypto Map configuration then you can apply this to another interface, nothing will happen until traffic is routed out that interface.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: