[c-nsp] Cisco IPSec VPN's (Tunnel Interfaces) migrating from 12.2.25 to 15.1.4

Gert Doering gert at greenie.muc.de
Fri Sep 13 06:54:11 EDT 2013


HI,

On Thu, Sep 12, 2013 at 09:49:01PM +0000, Blake Pfankuch - Mailing List wrote:
> Working with a vendor who is saying that when we "upgrade" from 12.2.25 to 15.1.4 on a couple of 2800 series routers holding about 15 IPSec vpn's and tunnel interfaces with EIGRP across them we are going to have to rewrite all of the config due to completely new command syntax on 15.1.4 compared to 12.2.25.
> 
> Has anyone run into this before?  I am seeing little differences, but not crazy amounts...

Without being able to specifically answer your question, I think there's
two aspects to it

 - *usually* IOS does a tremendous job in understanding old configs, and
   rewriting to new format when upgrading on "main line" trains (when
   going from stuff like 12.0S to 12.2SB to 12.4, that might not always
   work)

 - that "vendor" might have learned that newer IOS have an *additional*
   way to configure IPSEC - the old way is "crypto map on the outside
   interface", while the new way is "a tunnel interface with encapsulation
   IPSEC".  If you want to use the new way, you'll have to rewrite your
   config, but *as far as I understand* "crypto map style" is still
   supported.

So... I would just try it on one box, and if it comes up and all the 
IPSEC config is borked, go back to 12.2, and go to the lab to see 
what needs changing :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20130913/e9d798f7/attachment.sig>


More information about the cisco-nsp mailing list