02-13-2009 04:26 AM
We changed our IP address at one of our sites. Can some one tell me the commands to hook them back up and oin which unit each runs on that would be great. Unit 1 has the new IP Unit 2 has not changed
Thanks.
02-13-2009 05:56 AM
What devices are you using? ASA firewalls? routers?
02-13-2009 07:01 AM
Sorry
ASA 5510 on both ends.
02-13-2009 07:49 AM
I'm assuming you mean you have a L2L IPSec VPN that needs to be re-established between the two sites.
If this is the case, completing the change should be pretty straightforward. Make a backup of the config from both devices. Remove the specific crypto map from Unit2 referencing Unit1:
Use these commands to remove and replace a crypto map on the PIX or ASA:
Begin with the removal of the crypto map from the interface. Use the no form of the crypto map command. (Be aware:This will bring down any other tunnels you may have configured)
securityappliance(config)#no crypto map mymap interface outside
Continue to use the no form to remove the other specific crypto map commands:
securityappliance(config)#no crypto map mymap 10 match address 101
securityappliance(config)#no crypto map mymap set transform-set mySET securityappliance(config)#no crypto map mymap set peer 10.0.0.1
Change your IP address on Unit1.
Replace the crypto map for the new peer on Unit 2. This example shows the minimum required crypto map configuration:
securityappliance(config)#crypto map mymap 10 ipsec-isakmp
securityappliance(config)#crypto map mymap 10 match address 101
securityappliance(config)#crypto map mymap 10 set transform-set mySET
securityappliance(config)#crypto map mymap 10 set peer 10.0.0.2
securityappliance(config)#crypto map mymap interface outside
02-13-2009 07:56 AM
Thanks
02-17-2009 04:09 AM
Hi
Just to be clear I would replace mymap with Outside_map in the commands you gave me.
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set pfs
crypto map Outside_map 1 set peer 209.5.255.48
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map 65534 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
02-17-2009 04:42 AM
That is correct. I was just using 'mymap' as an example.
Good luck with it.
02-18-2009 05:16 AM
Thanks that worked.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide