PIX firewall/IOS firewall VPN in a dynamic environment

j.warrier
Level 1

Hi,

I have a situation where I have to add peers to my crypto map as and when there are new customers for our VPN service. When I try to edit my crypto map entries to add the new peer, the rest of the established tunnels are torn down. It looks like these devices remove the crypto map from the interface and apply it again when we edit it. Since we have a dynamic environment where we need to create new IPsec peers every now and then (through the same interface), what is the suggested solution to avoid downtime?

2 Replies

l.cabral
Level 1

You may try to configure a dynamic crypto map, one that does not know the IP addresses of its peers in advance, and leave authentication to a RADIUS server. That way, you only need to add one user to the RADIUS server to enable a new peer to interact with you via VPN.

Hope this helps,
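A sketch of the setup suggested in the reply above, in classic IOS syntax (PIX syntax differs). This is an added example, not configuration posted by anyone in the thread; every name, address and key is a constructed placeholder, and it assumes new customers authenticate with Xauth against RADIUS.

```cisco
! Added example: all names, addresses and keys are placeholders.
aaa new-model
aaa authentication login VPN-XAUTH group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key RADIUS-SECRET-PLACEHOLDER
!
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 2
!
! Existing fixed peer: no-xauth keeps it from being prompted once Xauth
! is enabled on the crypto map below.
crypto isakmp key STATIC-PEER-KEY-PLACEHOLDER address 203.0.113.5 no-xauth
!
! Wildcard key for peers whose address is not known in advance. Every
! dynamic peer shares it, so it proves nothing about which customer is
! connecting; the RADIUS user account is the per-customer credential.
crypto isakmp key WILDCARD-KEY-PLACEHOLDER address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set CUST-TS esp-aes esp-sha-hmac
!
! Dynamic template: no "set peer", so one entry matches any initiator.
crypto dynamic-map CUST-DYN 10
 set transform-set CUST-TS
!
! Xauth for peers that are not marked no-xauth.
crypto map OUTSIDE-MAP client authentication list VPN-XAUTH
!
! Reference the template from the highest-numbered entry so that static
! peer entries (lower sequence numbers) are evaluated first.
crypto map OUTSIDE-MAP 65000 ipsec-isakmp dynamic CUST-DYN
!
interface FastEthernet0/0
 crypto map OUTSIDE-MAP
```

A dynamic map entry only accepts tunnels that the remote peer initiates; the local device cannot bring one up toward a peer whose address it does not know. Once this is in place, onboarding a customer is a RADIUS change and the crypto map applied to the interface is not edited.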

This is a good idea! Thanks.
