Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

VPN IP errors

I have a site to site between my office and a customer using two Pix 515E's. As my office has moved there is a new ip address at my office end. I have been to the clients site and changed the peer address to correspond but it will not connect. When debugging it appears that it is still trying to connect to the old ip address even though there is nothing in the config that relates to that address now. Has anyone come across this before and if so how did you resolve it.

4 REPLIES
Gold

Re: VPN IP errors

can you try commands

clear crypto isakmp sa

clear crypto ipsec sa

M.

New Member

Re: VPN IP errors

I have tried the clear crypto ipsec sa and clear crypto isakmp sa but that didnt work.

New Member

Re: VPN IP errors

I'm no expert but I know that there are some changes made to a crypto map that aren't dynamic, such as an access-list change.

Even if you issue a clear ipsec sa command the changes won't be reflected in the sa.

Try unbinding the cyrpto map and then re-binding it to the correct interface.

Also, if you are using PSKs, double check that the line isakmp key... is pointing to the correct address.

New Member

Re: VPN IP errors

Recently i just experienced this issue, we got an IP address change and must change the site-to-site peer. i use "no" to all our crypto map commands and acl, then enable that again. But then i must restarted the pix to get it to the right peer.

125
Views
0
Helpful
4
Replies
CreatePlease to create content