Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Site to Site IP change

We changed our IP address at one of our sites. Can some one tell me the commands to hook them back up and oin which unit each runs on that would be great. Unit 1 has the new IP Unit 2 has not changed

Thanks.

7 REPLIES

Re: Site to Site IP change

What devices are you using? ASA firewalls? routers?

Community Member

Re: Site to Site IP change

Sorry

ASA 5510 on both ends.

Re: Site to Site IP change

I'm assuming you mean you have a L2L IPSec VPN that needs to be re-established between the two sites.

If this is the case, completing the change should be pretty straightforward. Make a backup of the config from both devices. Remove the specific crypto map from Unit2 referencing Unit1:

Use these commands to remove and replace a crypto map on the PIX or ASA:

Begin with the removal of the crypto map from the interface. Use the no form of the crypto map command. (Be aware:This will bring down any other tunnels you may have configured)

securityappliance(config)#no crypto map mymap interface outside

Continue to use the no form to remove the other specific crypto map commands:

securityappliance(config)#no crypto map mymap 10 match address 101

securityappliance(config)#no crypto map mymap set transform-set mySET securityappliance(config)#no crypto map mymap set peer 10.0.0.1

Change your IP address on Unit1.

Replace the crypto map for the new peer on Unit 2. This example shows the minimum required crypto map configuration:

securityappliance(config)#crypto map mymap 10 ipsec-isakmp

securityappliance(config)#crypto map mymap 10 match address 101

securityappliance(config)#crypto map mymap 10 set transform-set mySET

securityappliance(config)#crypto map mymap 10 set peer 10.0.0.2

securityappliance(config)#crypto map mymap interface outside

Community Member

Re: Site to Site IP change

Thanks

Community Member

Re: Site to Site IP change

Hi

Just to be clear I would replace mymap with Outside_map in the commands you gave me.

crypto map Outside_map 1 match address Outside_1_cryptomap

crypto map Outside_map 1 set pfs

crypto map Outside_map 1 set peer 209.5.255.48

crypto map Outside_map 1 set transform-set ESP-3DES-SHA

crypto map Outside_map 65534 ipsec-isakmp dynamic Outside_dyn_map

crypto map Outside_map interface Outside

Re: Site to Site IP change

That is correct. I was just using 'mymap' as an example.

Good luck with it.

Community Member

Re: Site to Site IP change

Thanks that worked.

141
Views
5
Helpful
7
Replies
CreatePlease to create content