IPSec Tunnel and Hostname Change

paul1202
Level 1

Hi All,

 

If I have an existing IPSec tunnel between 2 routers and one of the routers has a hostname change, will the IPSec fail either straight away or say at a reload of either device?

 

Is there a trust between the 2 devices using the hostname, even if the default crypto isakmp identity address is configured on both sides?

 

I assume I would have to create a new crypto key for the hostname change router.

 

Thanks,

 

Paul

2 Replies

Marvin Rhoads
Hall of Fame

Changing the hostname should not affect an existing site-site IPsec VPN. It will not overwrite any existing pre-shared key. It won't change any RSA key or keys (even though that's not used in a VPN) that are existing.

 

The only way I can think it would affect the VPN would be if you were doing something like using the device FQDN in the identity (e.g., with FlexVPN) and you were changing the FQDN as part of the hostname change. However, that is a very uncommon use case.

 

Thanks for your reply Marvin.

 

I managed to lab the scenario (different router platforms) and you are correct :-)

 

The issue I have is a direct router replacement for one of them with a hostname only change will not re-establish the IPSec tunnel.

 

The only difference from my lab setup is they are using an encrypted pre-shared key where I am using plain-text. I will see if, for whatever reason, that makes a difference!