That was going to be my plan as well, however we don't have access to the 
devices, this vendor manages them.  I have an account that can view the config 
so it gets stored in our config repository and that's it.  Based on what I can 
see, I'm going to have to call BS on the vendor...

Thanks for confirming my assumptions.

Blake

-----Original Message-----
From: Gert Doering [mailto:g...@greenie.muc.de] 
Sent: Friday, September 13, 2013 4:54 AM
To: Blake Pfankuch - Mailing List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco IPSec VPN's (Tunnel Interfaces) migrating from 
12.2.25 to 15.1.4

Hi,

On Thu, Sep 12, 2013 at 09:49:01PM +0000, Blake Pfankuch - Mailing List wrote:
> Working with a vendor who is saying that when we "upgrade" from 12.2.25 to 
> 15.1.4 on a couple of 2800 series routers holding about 15 IPSec VPNs and 
> tunnel interfaces with EIGRP across them we are going to have to rewrite all 
> of the config due to completely new command syntax on 15.1.4 compared to 
> 12.2.25.
> 
> Has anyone run into this before?  I am seeing little differences, but not 
> crazy amounts...

Without being able to specifically answer your question, I think there are two 
aspects to it:

 - *usually* IOS does a tremendous job in understanding old configs, and
   rewriting to new format when upgrading on "main line" trains (when
   going from stuff like 12.0S to 12.2SB to 12.4, that might not always
   work)

 - that "vendor" might have learned that newer IOS have an *additional*
   way to configure IPSEC - the old way is "crypto map on the outside
   interface", while the new way is "a tunnel interface with encapsulation
   IPSEC".  If you want to use the new way, you'll have to rewrite your
   config, but *as far as I understand* "crypto map style" is still
   supported.

So... I would just try it on one box, and if it comes up and all the IPSEC 
config is borked, go back to 12.2, and go to the lab to see what needs changing 
:-)

gert
--
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
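
One way to carry out the "try it on one box" check from the thread using only read access to a config repository, as an added example that is not part of the original messages: compare the IPsec, tunnel and EIGRP blocks of the stored config before and after the upgrade. The sample snapshots, the names `TS` and `VPN-PROF`, and the `RELEVANT` pattern are constructed assumptions.

```python
import re

# Top-level commands worth reviewing for an IPsec/tunnel/EIGRP setup.
# This pattern list is an assumption; extend it to match your own configs.
RELEVANT = re.compile(r"^(crypto |interface Tunnel|router eigrp )")

def parse_blocks(config):
    """Map each top-level IOS command to the indented lines beneath it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank lines and "!" separators carry no config
        if not line[0].isspace():
            current = line
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def compare(before, after):
    """Return {command: (lines_removed, lines_added)} for relevant blocks that differ."""
    old, new = parse_blocks(before), parse_blocks(after)
    report = {}
    for cmd in sorted(c for c in set(old) | set(new) if RELEVANT.match(c)):
        o = [cmd] + old[cmd] if cmd in old else []
        n = [cmd] + new[cmd] if cmd in new else []
        if o != n:
            report[cmd] = ([l for l in o if l not in n], [l for l in n if l not in o])
    return report

# Constructed sample snapshots (not from the thread, and not a statement of
# what IOS 15.1.4 actually rewrites).
BEFORE = """\
crypto ipsec transform-set TS esp-3des esp-sha-hmac
crypto ipsec profile VPN-PROF
 set transform-set TS
interface FastEthernet0/0
 description uplink
interface Tunnel0
 tunnel source FastEthernet0/0
 tunnel protection ipsec profile VPN-PROF
"""
AFTER = BEFORE.replace("esp-sha-hmac\n", "esp-sha-hmac\n mode tunnel\n").replace(
    "uplink", "WAN").replace(" tunnel protection ipsec profile VPN-PROF\n", "")

if __name__ == "__main__":
    for cmd, (removed, added) in compare(BEFORE, AFTER).items():
        print(cmd, "| removed:", removed, "| added:", added)
```

A removed `tunnel protection` line is the result to look for first, since a tunnel that comes up without it would carry traffic unencrypted.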
