changeing lease line from serial to FE

Unanswered Question
Jun 8th, 2009

Hi all,

i have upgrade the lease line and also change serial to fast ethernet port so pls suggest me that ,how can change the local crypto endpoint,remote crypto endpoint and crypto map tag and crypto ipsec . and also specific changes required in to upgrade

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Mon, 06/08/2009 - 22:56

Hello Mayank,

you can reuse the same crypto map on the new wan interface.

You need also a new default route using the new interface.

you need to upgrade the peer ip address on the other side router:

other side router:

no crypto isakmp key yourkey address old-address

! first you remove old command to be

! able to reuse the key

crypto isakmp key yourkey address new-address

inside the crypto map do the following

crypto map name ipsec-isakmp

set peer new-address

no set peer old-address

Be aware that changes can be critical on HQ side: calling a non-existing ACL in a crypto map block causes a black hole in all following crypto map blocks because the non existing ACL works as a permit ip any any.

Hope to help



This Discussion