I currently have a VPN tunnel setup between two external interfaces over the internet with a branch and my main office. My isp is changing and I am going to have to change the tunnel endpoint (peer address), here at the main office. My configuration on the remote router looks similar to this
crypto isakmp policy 10 crypto isakmp key cisco123 address 99.99.99.2 crypto map mymap local-address FastEthernet0/1 set peer 99.99.99.2 This isn't all the config, but my question is... if I put in the new information with a 'policy 5' and everything else being equal except for my peer address, my traffic would hit policy 5 and never go to policy 10...right? Has anybody had to do this? I would like the router to basically stay up, until I drop in the policy 5. Would the policy immediately take effect? If I put the new policy together and drop it in before I change my ip here, wouldn't the traffic be looked at for 5, then the router would see the traffic it is supposed to encrypt, try to establish a session with my policy 5 peer, see that it isn't up yet, then go on to 10? When my new ip is put on the interface here at the main office, the router would see traffic specified in an acl in policy 5 and then form the tunnel... right? Some one help, I have convinced myself this will work and if it doesn't I don't want to have to go to Mexico.... wait, yes I do! thanks, ipguru Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37364&t=37364 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
