Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
667
Views
0
Helpful
2
Replies

VPN Tunnel Down

Dan Loring
Level 1
Level 1

‎11-12-2012 11:12 AM

                   I have a vpn connection to a remote site, evidently it turns out that IP is dynamic.  So Every 6 months there ip changes.  I know we should have a static IP.  So the last time this happened I removed the old IP address and put in the new one on the ASA on our end:

config t

no crypto map mymap 1 set peer 72.95.xx.xx

crypto map mymap 1 set peer 72.65.xx.xx

The technician who previousely worked on this, and is in the woods hunting, said that he also

re-applied the myset crypto map on outside interface.

Does anyone know what I need to do to to re-apply the myset crypto map on the outside interface??

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎11-12-2012 09:33 PM

No, you don't need to reapply the crypto map on the outside interface.

Just have to clear the ipsec tunnel on both end in case one side is still active and the other side has been cleared.

However, re-applying the crypto map on the outside interface will also reset the tunnel. If you only have 1 tunnel, then it's ok to re-apply the crypto map. However if you have multiple tunnels, that would also clear the other tunnels.

0 Helpful

SSCH1NDLER
Level 1
Level 1

‎11-12-2012 11:46 PM

Hallo,

you must also create a new tunnel-group with the changed ip and the "old" pre shared key.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents