cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
747
Views
5
Helpful
7
Replies

Site to Site IP change

fundataca
Level 1
Level 1

We changed our IP address at one of our sites. Can some one tell me the commands to hook them back up and oin which unit each runs on that would be great. Unit 1 has the new IP Unit 2 has not changed

Thanks.

7 Replies 7

eddie.mitchell
Level 3
Level 3

What devices are you using? ASA firewalls? routers?

Sorry

ASA 5510 on both ends.

I'm assuming you mean you have a L2L IPSec VPN that needs to be re-established between the two sites.

If this is the case, completing the change should be pretty straightforward. Make a backup of the config from both devices. Remove the specific crypto map from Unit2 referencing Unit1:

Use these commands to remove and replace a crypto map on the PIX or ASA:

Begin with the removal of the crypto map from the interface. Use the no form of the crypto map command. (Be aware:This will bring down any other tunnels you may have configured)

securityappliance(config)#no crypto map mymap interface outside

Continue to use the no form to remove the other specific crypto map commands:

securityappliance(config)#no crypto map mymap 10 match address 101

securityappliance(config)#no crypto map mymap set transform-set mySET securityappliance(config)#no crypto map mymap set peer 10.0.0.1

Change your IP address on Unit1.

Replace the crypto map for the new peer on Unit 2. This example shows the minimum required crypto map configuration:

securityappliance(config)#crypto map mymap 10 ipsec-isakmp

securityappliance(config)#crypto map mymap 10 match address 101

securityappliance(config)#crypto map mymap 10 set transform-set mySET

securityappliance(config)#crypto map mymap 10 set peer 10.0.0.2

securityappliance(config)#crypto map mymap interface outside

Thanks

fundataca
Level 1
Level 1

Hi

Just to be clear I would replace mymap with Outside_map in the commands you gave me.

crypto map Outside_map 1 match address Outside_1_cryptomap

crypto map Outside_map 1 set pfs

crypto map Outside_map 1 set peer 209.5.255.48

crypto map Outside_map 1 set transform-set ESP-3DES-SHA

crypto map Outside_map 65534 ipsec-isakmp dynamic Outside_dyn_map

crypto map Outside_map interface Outside

That is correct. I was just using 'mymap' as an example.

Good luck with it.

Thanks that worked.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: