Changing crypto isakmp identity on live network with active VPN's
We currently have several VPN's configured, site to site and remote access, on one of our firewalls. All of the VPN's use pre-share key and ISAKMP is configured to use IP Address's for identifcation. I need to setup a new VPN remote access group that will use certificates instead of a pre-sahred key. In order to do this I will need to change the command crypto isakmp identity address to crypto isakmp identity auto. The question comes up, since this is a system wide change, what affect (if any) it will have on existing tunnels?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...