2 sites with cisco 1712 with IPsec vPN bet them.Now at 1st location Natting as well config related to IPsec needs be removed as client wants to connect firewall to Cisco & wants to do natting as well Ipsec on Firewall.
So i need to remove Ipsec related config (crypto map,acces-list for vpn etc) from cisco remotely & cisco is live & i don;t want to loose teh connection.How i can acheive this?
1 thing is that outside natting as well crypto map is applied on the outside interface thru which only i can access cisco.
specially what precaution i need to take when removing the access-list for vpn remotely without loosing teh connection to cisco remotely & without rebooting the router??
should I remove the crypto-map from outside interface first & then remove access-list for vpn ?? or any other step ?? Because i tried to remove aceess-list for vpn first(though i shut f0 inteface to stop natting & any traffic from local lan)without removing crypto-map from outside interface & i lst the connection to cisco twice & i asked client to reboot cisco twice to get back the connection :)
Re: removing IPsec config from live cisco remotely
Exactly what the previous poster said (remove crypto map from public interface), but in future issue the " reload in 5 " (or 10) command before messing with crypto stuff, that way the router will reload automatically in 5 minutes so if you manage to screw up the config, it will save you an embarrasing phone call asking people to switch on/off the router ;)
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...