Change site to site peer

Unanswered Question
Jul 21st, 2009

I have set up a site-to-site VPN between my corporate 5510 and a new 5510 for a remote office. I set a test public IP on the remote 5510 and used that IP for the peer address on the tunnel.

When I receive the permanent IP from the ISP for the remote 5510, is there a way to change the peer IP on the corporate 5510, so I don't have to recreate it?

Collin Clark Tue, 07/21/2009 - 05:29

Simply remove it-

no crypto map map1 20 set peer

Then re-enter with the correct IP-

crypto map map1 20 set peer

Hope that helps.

jim_berlow Tue, 07/21/2009 - 09:26

Hi Collin,

While that seems simple - just curious if that will also reset the related L2L statements needed for the site-to-site?

Will doing this:

no crypto map map1 20 set peer

crypto map map1 20 set peer

Change these statements?

tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key *



Collin Clark Tue, 07/21/2009 - 09:28

Nope. You may get an error saying that the crypto map will be incomplete until you add a peer, but it will not remove the L2L settings.

jim_berlow Tue, 07/21/2009 - 09:33

Thanks. When you add in the new peer will it change the L2L statements automatically for you (or automatically create new ones corresponding to the new IPs)?

Hope that makes sense.


Collin Clark Tue, 07/21/2009 - 09:35

I know what you mean and unfortunately it does not. We had some sites that changed frequently and it was a pain to maintain.
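
An added example, not part of the thread and not Cisco code: because changing the crypto map peer leaves the tunnel-group statements untouched, this Python check reads a saved ASA configuration and reports peers that have no ipsec-l2l tunnel-group and tunnel-groups that no peer references any more. It assumes tunnel-groups are named by peer IP; the function name and the sample configuration (documentation addresses) are constructed for illustration.

```python
import re

# Constructed sample: corporate ASA config after the peer on map1 seq 20 was
# changed from 192.0.2.10 (test IP) to 198.51.100.20 (permanent IP).
SAMPLE_CONFIG = """\
crypto map map1 10 set peer 203.0.113.5
crypto map map1 20 set peer 198.51.100.20
crypto map map1 interface outside
tunnel-group 203.0.113.5 type ipsec-l2l
tunnel-group 203.0.113.5 ipsec-attributes
 pre-shared-key *
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key *
"""

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")
TG_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$")


def audit_l2l(config: str):
    """Return (peers_without_tunnel_group, tunnel_groups_without_peer)."""
    peers = {}            # peer IP -> "mapname seq" of the entry that uses it
    tunnel_groups = set() # names of ipsec-l2l tunnel-groups (assumed to be peer IPs)
    for raw in config.splitlines():
        line = raw.strip()
        m = PEER_RE.match(line)
        if m:
            # 'set peer' accepts several addresses on one line
            for ip in m.group(3).split():
                peers[ip] = f"{m.group(1)} {m.group(2)}"
            continue
        m = TG_RE.match(line)
        if m:
            tunnel_groups.add(m.group(1))
    missing = {ip: entry for ip, entry in peers.items() if ip not in tunnel_groups}
    stale = sorted(tunnel_groups - set(peers))
    return missing, stale


if __name__ == "__main__":
    missing, stale = audit_l2l(SAMPLE_CONFIG)
    for ip, entry in missing.items():
        print(f"crypto map {entry}: peer {ip} has no ipsec-l2l tunnel-group")
    for name in stale:
        print(f"tunnel-group {name}: no crypto map peer references it")
```

A stale tunnel-group still carries its pre-shared key, so it is worth reviewing after every peer change, along with creating the tunnel-group for the new address.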

