[c-nsp] VPN-3000 and PIX VPN peer change question?
Scott Granados
gsgranados at comcast.net
Tue Aug 11 14:39:20 EDT 2009
Hi, I have a question about upgrading a connection for a remote site and
changing the VPN peer on a VPN-3000.
BACKGROUND
In the field I have a branch office with a Pix that provides their office
connectivity and VPN tunnel back to HQ. The branch office is having its
bandwidth increased by swapping to a new provider that offers a metro E
package. The IP addressing of the firewall will change but all the other
services and internal addressing remain the same.
At HQ I have a VPN-3000 with that wonderful point / click thingy instead
of a real usable command interface. On the VPN-3000 I have a profile that
sets up a lan to lan VPN (their wording) back to the Pix at the branch.
QUESTION
My question is assuming the Pix in the field is updated and all other
things work will I simply need to change the peer address on the VPN-3000 to
reconnect the VPN? Also, am I correct in my thinking that you change the
peer address under configuration / policies / ipsec / L2L/ (profile)?
There's a peer address that matches my far end, are there any other
instances or things I should adjust? Pointers would be appreciated. To me
it looks like I make this one change and it should work but I want to make
sure before I have a guy sitting in the field holding his shmeckle while I
try to figure things out.:)
Thanks
Scott
More information about the cisco-nsp
mailing list