Change site to site peer

brentwoodind · ‎07-21-2009

I have set up a site to site vpn between my corporate 5510 and a new 5510 for a remote office. I set a test public IP on the remote 5510 and used that IP for the peer address on the tunnel.

When I receive the permanent IP from the ISP for the remote 5510 is there a way to change the peer IP on the corporate 5510? So I don't have to recreate it?

Collin Clark · ‎07-21-2009

Simply remove it-

no crypto map map1 20 set peer 192.168.50.100

Then re-enter with the correct IP-

crypto map map1 20 set peer 75.50.95.72

Hope that helps.

jim_berlow · ‎07-21-2009

Hi Collin,

While that seems simple - just curious if that will also reset the related L2L statements needed for the site-to-site?

Will doing this:

no crypto map map1 20 set peer 192.168.50.100

crypto map map1 20 set peer 75.50.95.72

Change these statements?

tunnel-group 192.168.50.100 type ipsec-l2l

tunnel-group 192.168.50.100 ipsec-attributes

pre-shared-key *

Thanks,

Jim

Collin Clark · ‎07-21-2009

Nope. You may get an error saying that the crypto map will be incomplete until you add a peer, but it will not remove the L2L settings.

jim_berlow · ‎07-21-2009

Thanks. When you add in the new peer will it change the L2L statements automatically for you (or automatically create new ones corresponding to the new IPs)?

Hope that makes sense.

Jim

Collin Clark · ‎07-21-2009

I know what you mean and unfortunately it does not. We had some sites that changed frequently and it was pain to maintain.

jim_berlow · ‎07-21-2009

Thank you, Collin. Appreciate all your help.