06-24-2002 05:12 AM - edited 02-21-2020 11:49 AM
I have two 515 Pix's in failover, I have successfully established one 3DES VPN with peer.
On adding the second cryptomap configuration (with different map ID, yet identical to first map details just different peer), to the host Pix, I seem to loose the connection to the internet. This connection is not restored unless I remove the second cryptomap config from the Pix. During the outage the interface appears to be up but I'm unable to browse the web.
Is there something I am missing when adding the second VPN config?
Does it matter whether the host Pix's are in failover?
06-24-2002 09:15 PM
Whenever you make changes to the crypto map, you should first un-apply the crypto map off the interface to avoid such situations happening.
Changing access-list for crypto, nat statements, policy, and anything that is related to the ipsec config could cause you to lock up the interface if you do not unapply the crypto map off the interface first.
no crypto map 'mapname' interface outside
no isakmp enable outside
Make your changes to the config, then re-apply the 2 commands.
Regards,
06-26-2002 01:51 AM
Many thanks, that did the trick.
Regards.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: