Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Can't get Pix-Pix VPN established after remote global IP change.

Hello all,

A client recently received a new global IP range. We helped them change the Global IP on their PIX. Our ISAKMP Key was set to use a NAME record instead of an IP. We changed the name record to point to the new IP address. This did not re-establish the VPN. We did a "no isakmp key xxxx ...." and recreated the key using a new pre-shared key. We did the same thing on the remote pix. Still nothing. Showing detail on our pix for that ipsec sa shows the current peer for the remote pix as it's old IP address. Have I missed something? If so, what should I do to clear this particular ipsec and have it rekey to the new IP?

3 REPLIES
Gold

Re: Can't get Pix-Pix VPN established after remote global IP cha

Did you also change peer IP in your cryptomap

it should be command like this

crypto map map_name 1 set peer x.x.x.x

also commands

clear crypto isakmp sa

clear ipsec sa

Could be helpful

M.

Hope that helps rate if it does

New Member

Re: Can't get Pix-Pix VPN established after remote global IP cha

!!

We forgot the clear crypto isakmp sa and the clear ipsec sa commands!

Once we did that, it seems to have worked!

Thank you very much!

Gold

Re: Can't get Pix-Pix VPN established after remote global IP cha

Please rate helpful post to help identify useful threads

M.

155
Views
5
Helpful
3
Replies
CreatePlease to create content