Community Member

removing IPsec config from live cisco remotely


Can anybody please help me? Here is the scenario:

2 sites with Cisco 1712s with an IPsec VPN between them. Now at the 1st location, NAT as well as the config related to IPsec needs to be removed, as the client wants to connect a firewall to the Cisco and wants to do NAT as well as IPsec on the firewall.

So I need to remove the IPsec-related config (crypto map, access-list for VPN, etc.) from the Cisco remotely, and the Cisco is live and I don't want to lose the connection. How can I achieve this?

One thing is that outside NAT as well as the crypto map is applied on the outside interface, which is the only one through which I can access the Cisco.

Especially, what precautions do I need to take when removing the access-list for VPN remotely without losing the connection to the Cisco and without rebooting the router?

Should I remove the crypto map from the outside interface first and then remove the access-list for VPN, or any other step? Because I tried to remove the access-list for VPN first (though I shut the f0 interface to stop NAT and any traffic from the local LAN) without removing the crypto map from the outside interface, and I lost the connection to the Cisco twice, and I asked the client to reboot the Cisco twice to get back the connection :)

Community Member

Re: removing IPsec config from live cisco remotely


Configure the outside ACL on the router to allow you to SSH to it, then remove the crypto map. Restore the ACL when reconfiguration is complete.



Community Member

Re: removing IPsec config from live cisco remotely

Exactly what the previous poster said (remove the crypto map from the public interface), but in future issue the "reload in 5" (or 10) command before messing with crypto stuff. That way the router will reload automatically in 5 minutes, so if you manage to screw up the config, it will save you an embarrassing phone call asking people to switch the router off and on ;)

Now if only the PIX could do that...
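
The order of operations the two replies describe, written out as an added example that is not part of any post in the thread. Everything in angle brackets is a placeholder (the thread gives no interface, ACL or crypto map names), and it assumes a named extended ACL is applied inbound on the outside interface.

```cisco
! Added example. <angle-bracket> names are placeholders, not values from the thread.
!
! 1. Arm the scheduled reload BEFORE touching anything. Do not save the config
!    until the change is verified: the reload brings back startup-config.
reload in 10
!
configure terminal
!
! 2. Permit your own SSH session on the outside interface.
!    The permit must sit above any deny entry that would match it.
ip access-list extended <outside-acl>
 permit tcp host <admin-ip> any eq 22
 exit
!
! 3. Detach the crypto map from the outside interface first.
interface <outside-interface>
 no crypto map <crypto-map-name>
 exit
!
! 4. Only then remove the crypto map itself and the VPN ACL it referenced.
no crypto map <crypto-map-name>
no access-list <vpn-acl-number>
end
!
! 5. Open a second SSH session to prove access still works, then
!    cancel the pending reload and save.
show reload
reload cancel
copy running-config startup-config
!
! 6. Restore the outside ACL to its normal state once the firewall cutover is done.
```

If the session drops at step 3 or 4, do nothing: the router reloads after the timer expires and comes back up on the saved configuration with the VPN still in place.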
