New Member

help urgent -- changing IPSec peer in live router remotely

Hi,

Can anybody help me? This is urgent, please.

One of my clients has an IPsec VPN between 2 Cisco 1712s. At the 1st location he now wants to connect a firewall and configure the IPsec VPN on that firewall.

So I need to change the IPsec peer on the remote-end Cisco (2nd location). Can anyone tell me what steps I need to take? The client wants to do it without rebooting the Cisco, and it needs to be done remotely only, but I should not lose the connection while changing the IPsec peer.

The problem is that the crypto map is applied to the outside interface, on which NAT outside is configured, and I can access the Cisco through this outside interface only.

So what steps or precautions do I need to take? Please help me.

5 REPLIES
Silver

Re: help urgent -- changing IPSec peer in live router remotely

If you are not logging in through the IPSec VPN, then I suggest removing the crypto map from the interface and then changing the peer. Makes it simple and foolproof.

Re: help urgent -- changing IPSec peer in live router remotely

Hello,

One way of possibly doing it:

Configure the new IP as second peer like in a backup scenario with two different central VPN gateways. It should not kill the existing tunnels. Once the customer changes his network environment the tunnel will be lost and the "backup" should kick in.

Hope this helps! Please rate all posts.

Regards, Martin

New Member

Re: help urgent -- changing IPSec peer in live router remotely

Hi,

Thanks for your help. But how can I do that (backup tunnel)?

Does it mean that I have to create another crypto map with the peer as the second IP, or can I add 2 different peers at the same time in the same crypto map?

Or if I create another crypto map with the required peer IP, can I apply 2 different crypto maps at the same time on the same outside interface?

Can you please explain or send a sample config?

Thanks again for your help.

New Member

Re: help urgent -- changing IPSec peer in live router remotely

Hi Gautam,

Thanks a lot for your help. I will access the router remotely by telnet, not locally or through the console, so will your suggested way still work?

I am not doing VPN to that router, just accessing the router by telnet, but remotely.

Will that help me?

Silver

Re: help urgent -- changing IPSec peer in live router remotely

Yes, you can do it by removing the crypto map if you are not logging in through the VPN for which the crypto map is applied. There should be no problems at all.

And as far as the tunnels, just add another peer in the same crypto instance and remove the old one.
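
A sample IOS configuration for the approach described in the replies above (second peer in the same crypto map entry, then removal of the old one), added here as an illustration and not posted by any participant in the thread. The map name `VPNMAP`, sequence number `10`, both peer addresses (documentation ranges) and the key strings are placeholders, and the example assumes IKE with pre-shared keys and that the new firewall uses the same transform set and crypto ACL as the old peer.

```cisco
! Added example: all names, addresses and keys below are placeholders.
! Assumed existing entry: crypto map VPNMAP 10, peer 192.0.2.1 (old router).
! Assumed new firewall peer: 198.51.100.1.
!
! Step 1: before the cutover, add the key and the second peer.
configure terminal
 ! Pre-shared key for the new peer (only needed with pre-shared-key IKE)
 crypto isakmp key NEW_PSK_PLACEHOLDER address 198.51.100.1
 !
 ! Same crypto map entry, second peer. The old peer stays listed first,
 ! so the existing tunnel is not torn down by this change.
 crypto map VPNMAP 10 ipsec-isakmp
  set peer 198.51.100.1
 exit
end
!
! Confirm that both peers now appear under the entry.
show crypto map
!
! Step 2: after the firewall has replaced the old router and the
! tunnel to 198.51.100.1 is up, remove the old peer and its key.
show crypto isakmp sa
show crypto ipsec sa
configure terminal
 crypto map VPNMAP 10 ipsec-isakmp
  no set peer 192.0.2.1
 exit
 no crypto isakmp key OLD_PSK_PLACEHOLDER address 192.0.2.1
end
```

With several peers in one entry the router tries them in the order listed, which is why the new peer only takes over once the old one stops answering. The crypto map stays applied to the outside interface throughout, so a telnet session that does not run through the tunnel is not touched by either step.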
