Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
253
Views
1
Helpful
2
Replies

Crypto map missmatch. Will the tunnel still work?

Go to solution
Chess Norris
Level 4
Level 4

‎10-07-2025 04:35 AM

Hello,

I need to add a new network to a crypto map. However, it will take some time for the partner to add the same network on the other side. I want to prepare as much of the configuration at my side as possible. Would it be ok if I add the new network on my side first and then wait for the partner to add it on their side without risking messing up the VPN tunnel. I want to make sure the VPN tunnel continue working for the other networks in the crypto map.

Thanks

/Chess

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-07-2025 04:40 AM

@Chess Norris you can add the new ACE (that represent the interesting traffic) to the existing crypto ACL, it should not break the existing SA's on the tunnel. If interesting traffic is generated from your side, those SAs will fail to establish until the peer has configured their side. 

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎10-07-2025 04:40 AM

@Chess Norris you can add the new ACE (that represent the interesting traffic) to the existing crypto ACL, it should not break the existing SA's on the tunnel. If interesting traffic is generated from your side, those SAs will fail to establish until the peer has configured their side. 

Go to solution
Chess Norris
Level 4
Level 4
In response to Rob Ingram

‎10-07-2025 04:43 AM

Thank you for the super fast reply. That's exactly what I wanted to hear.

0 Helpful
Customers Also Viewed These Support Documents