Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN

We need to change the IP address of our PIX firewall. We have almost 50 vpn tunnels (pre-dominantly PIX 501s) pointing towards our PIX515. Most tunnels are using crypto maps with access-lists and pre-shared keys . We need to set up the remote PIXes in advance so that the VPNs come back up after the IP address change. I've been able to get this to work with ASA5505s on the remote side. The new tunnels form automatically when the primary tunnel drops. However when we use PIX 501s, the new tunnel doesn't form until we clear the security association on the remote side. Is there any configuration which will allow us to have the tunnel failover to the new IP address?

1 REPLY
Cisco Employee

Re: VPN

I think "isakmp keepalive seconds [retry_seconds]" should help.

e.g. isakmp keepalive 10

103
Views
0
Helpful
1
Replies
CreatePlease to create content