For IPSec communication,

the first step is the ISAKMP policy; it will start the ISAKMP SA session first.

So even if you set POLICY 10 and POLICY 5,

both peer routers will communicate about which POLICY to use for the ISAKMP SA established.

Then they will establish the ISAKMP IPSEC.

The last thing is the CRYPTO MAP, for controlling the interesting traffic for the VPN session.




"brian" wrote in message news:[EMAIL PROTECTED]...
> I currently have a VPN tunnel setup between two external interfaces over
> the internet with a branch and my main office.  My isp is changing and I
> am going to have to change the tunnel endpoint (peer address), here at
> the main office.  My configuration on the remote router looks similar to
> this
>
> crypto isakmp policy 10
>   crypto isakmp key cisco123 address 99.99.99.2
> crypto map mymap local-address FastEthernet0/1
>   set peer 99.99.99.2
>
> This isn't all the config, but my question is... if I put in the new
> information with a 'policy 5' and everything else being equal except for
> my peer address, my traffic would hit policy 5 and never go to policy
> 10...right?  Has anybody had to do this?  I would like the router to
> basically stay up, until I drop in the policy 5.  Would the policy
> immediately take effect?  If I put the new policy together and drop it
> in before I change my ip here, wouldn't the traffic be looked at for 5,
> then the router would see the traffic it is supposed to encrypt, try to
> establish a session with my policy 5 peer, see that it isn't up yet,
> then go on to 10?  When my new ip is put on the interface here at the
> main office, the router would see traffic specified in an acl in policy
> 5 and then form the tunnel... right?  Someone help, I have convinced
> myself this will work and if it doesn't I don't want to have to go to
> Mexico.... wait, yes I do!
>
> thanks,
> ipguru




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37373&t=37364
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
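
A simplified model of the phase 1 policy selection the reply describes, added here as an illustration and not part of the original thread: the initiator offers every ISAKMP policy it has, and the responder walks its own policies in priority order until one matches. The class and function names and the sample policy attributes are constructed for the example; the matching rule follows Cisco's documented IOS behaviour.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class IsakmpPolicy:
    priority: int            # number after "crypto isakmp policy"; lowest is tried first
    encryption: str
    hash_alg: str
    auth: str
    dh_group: int
    lifetime: int = 86400    # seconds

    def accepts(self, offered: "IsakmpPolicy") -> bool:
        # Encryption, hash, authentication and DH group must be identical;
        # the offered lifetime must not exceed the local one.
        same = (self.encryption, self.hash_alg, self.auth, self.dh_group) == (
            offered.encryption, offered.hash_alg, offered.auth, offered.dh_group)
        return same and offered.lifetime <= self.lifetime


def negotiate(initiator: List[IsakmpPolicy], responder: List[IsakmpPolicy]
              ) -> Optional[Tuple[int, int, int]]:
    """Return (initiator priority, responder priority, lifetime) or None."""
    offers = sorted(initiator, key=lambda p: p.priority)
    for own in sorted(responder, key=lambda p: p.priority):
        for offered in offers:
            if own.accepts(offered):
                return offered.priority, own.priority, offered.lifetime
    return None


# Constructed sample policies (attribute values are assumptions, not from the thread).
BRANCH = [IsakmpPolicy(5, "3des", "sha", "pre-share", 2),
          IsakmpPolicy(10, "3des", "sha", "pre-share", 2)]
MAIN_OFFICE = [IsakmpPolicy(10, "3des", "sha", "pre-share", 2)]
UNRELATED = [IsakmpPolicy(1, "aes", "sha", "pre-share", 5)]

if __name__ == "__main__":
    print(negotiate(BRANCH, MAIN_OFFICE))   # branch initiates
    print(negotiate(MAIN_OFFICE, BRANCH))   # main office initiates
    print(negotiate(BRANCH, UNRELATED))     # no common policy
```

The policy number carries no peer address, so a branch policy 5 that is identical to policy 10 negotiates the same SA with the main office; which peer is contacted comes from `set peer` in the crypto map.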
