[c-nsp] Changing Peer IP of VPN headend
Octavio Alvarez
alvarezp at alvarezp.ods.org
Thu Apr 2 02:13:53 EDT 2015
On 01/04/15 08:05, Michael Malitsky wrote:
> I need to change the public IP of my VPN headend, which will
> necessitate corresponding Peer IP changes on all N remote peers. We
> already have the new IP space, currently configured as a secondary
> address. Problem is that N-1 of the peers are completely outside of
> our control, and scheduling all of them to cut over within a narrow
> window (one day?) is going to be very challenging to say the least.
> Is there a way to cut them over one-by-one, perhaps a way to bind
> another crypto map to the secondary ip address? My searching on
> google and cisco lead me to believe the answer is NO, but I am hoping
> I missed something.
I would try using a different physical interface in the router to have
another crypto map (you can even use "crypto map local-address"). If you
don't have another physical interface you could --depending on your
topology-- change your output interface to an 802.1Q trunk and have two
subinterfaces.
> Router in question is a 2801. All VPNs are site-to-site IPSEC.
Best regards.
More information about the cisco-nsp
mailing list