Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Changing ISP's - config question

Status
Not open for further replies.
wfbtr

wfbtr

Technical User
Joined
Jun 16, 2004
Messages
288
Location
US
Hello-
I'm changing ISP's at one of my sites and am wondering if there's anything I need to change on my PIX 501 at that site, besides the new ip's. I have a VPN to another site that has a PIX 501.
I will be getting a block of 5 static ip's and I assume I'll just replace the old with the new.

thanks.
 
Sort by date Sort by votes
Pretty much just your external IP addresses.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
ok- that's what i thought.
another quickie- i just changed the hostname (remotely) and it kicked out a prompt that the %key will be invalid. now i can't ssh back into the PIX. do i need to regenerate a key?
 
Upvote 0 Downvote
When you change the hostname on the pix, you'll have to regenerate the key for ssh from the console.
 
Upvote 0 Downvote
great. thanks a lot.
 
Upvote 0 Downvote
You also need to reconfigure the vpn tunnel in the other pix 501 since the peer will be another ip address now.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
oh yeah-
good point. i may have left that off my checklist!
thanks.
 
Upvote 0 Downvote
ok. i made the switch today and the vpn isn't working. at the remote site where the switch was made i can browse the Internet. I was given a block of 5 ip's (SBC). on that PIX it would only allow me to enter one static mapping, not sure why. at the main office i changed two lines:

crypto map mymap 10 set peer x.135.182.130
isakmp key ******** address x.135.182.130 netmask 255.255.255.255

i just grabbed the first IP in the block and replaced the above line with that IP. is this all i have to do on the main site PIX? i see the netmask is all 255, but at the remote site the netmask ends with 248- not sure if that matters or not.

also i can't ssh into that remote site anymore.
thanks in advance.

 
Upvote 0 Downvote
i did a debug crypto isakmp, and looked up the error. it said my keys didn't match, so i just retyped it in and the vpn is working, though it wasn't working last night after i made the change. is it because the routing tables needed to propogate? (sbc's)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
1K
Johnkite
Johnkite
intel233
  • Locked
  • Question Question
Cisco ASA - VPN Question
Replies
6
Views
1K
intel233
intel233
tjbradford
  • Locked
  • Question Question
ASAX 5508 - basic config - packet loss
Replies
0
Views
343
tjbradford
tjbradford
RMurr34
  • Locked
  • Question Question
ASA Config - Open port 3389 for all IPs
Replies
1
Views
431
iggsterman
iggsterman
acabezas2014
  • Locked
  • Question Question
Configuring ASA for Network Segmentation
Replies
1
Views
559
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top