
help urgent -- changing IPSec peer in live router remotely

dataline
Level 1

Hi,

Can anybody help me? This is urgent, please.

One of my clients has an IPsec VPN between 2 Cisco 1712s. At the 1st location he now wants to connect a firewall and configure the IPsec VPN on that firewall.

So I need to change the IPsec peer on the remote-end Cisco (2nd location). Can anyone tell me what steps I need to take? The client wants it done without rebooting the Cisco, and it has to be done remotely, but I must not lose the connection while changing the IPsec peer.

The problem is that the crypto map is applied to the outside interface, on which NAT outside is configured, and I can access the Cisco through this outside interface only.

So what steps or precautions do I need to take? Please help me.

5 Replies

attrgautam
Level 5

If you are not logging in through the IPSec VPN, then I suggest removing the crypto map from the interface and then changing the peer. Makes it simple and foolproof.

Hello,

One way of possibly doing it:

Configure the new IP as second peer like in a backup scenario with two different central VPN gateways. It should not kill the existing tunnels. Once the customer changes his network environment the tunnel will be lost and the "backup" should kick in.

Hope this helps! Please rate all posts.

Regards, Martin

Hi,

Thanks for your help. But how can I do that (backup tunnel)?

Does it mean that I have to create another crypto map with the second IP as peer, or can I add 2 different peers to the same crypto map at the same time?

Or if I create another crypto map with the required peer IP, can I apply 2 different crypto maps at the same time on the same outside interface?

Can you please explain or send a sample config?

Thanks again for your help.

Hi gautam,

Thanks a lot for your help. I will access the router remotely by telnet, not locally or through the console, so will your suggested way still work?

I am not doing VPN to that router, just accessing the router by telnet, but remotely.

Will that help me?

Yes, you can do it by removing the crypto map if you are not logging in through the VPN for which the crypto map is applied. There should be no problems at all.

And as far as the tunnels go, just add another peer in the same crypto instance and remove the old one.
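
The second-peer approach suggested in the replies above, written out as an IOS configuration sketch. This is an added example, not a config posted by anyone in the thread; the crypto map name `VPNMAP`, sequence number `10`, both peer addresses and the key are placeholders, and it assumes pre-shared-key authentication with the same protected networks on both sides of the change.

```cisco
! Constructed sample: VPNMAP, sequence 10, 192.0.2.1 (old peer),
! 198.51.100.1 (new firewall) and the key are placeholders.
! Assumes pre-shared keys and an unchanged crypto ACL.
!
! Step 1 (before the cutover): add the firewall as a second peer
! in the existing crypto map entry. The crypto map stays on the
! outside interface, so the running tunnel is not torn down.
configure terminal
 crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
 crypto map VPNMAP 10 ipsec-isakmp
  set peer 198.51.100.1
end
!
! The entry should now list both peers, with the old one first.
show crypto map
!
! Step 2 (after the firewall is live at the 1st location):
! confirm that the tunnel has come up against the new peer.
show crypto isakmp sa
show crypto ipsec sa peer 198.51.100.1
!
! Step 3: remove the old peer and its key, then save.
configure terminal
 crypto map VPNMAP 10 ipsec-isakmp
  no set peer 192.0.2.1
 no crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
end
write memory
```

Peers in one crypto map entry are tried in the order they are listed, so until step 3 the router attempts the old address first and only then moves on to the new one.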