Adding Crypto Maps to Config

[david902]

I need to add some new ikasmp crypto maps to my PIX config.

we've got a new site up and I need to establish VPN connectivity.

my research shows that I need to bring down the existing tunnels before adding the configuration for the new site.

I've been looking all over for documentation on how to do this, most configs in books, are single VPN site configurations and none of them go into adding additional sites, with existing established sites

So how do I do this ?


Clear crypto ipsec sa ?

The network guy who did this before, said he removed statements to shut the tunnels down, and then readded the statement and the tunnels came back up, He can't remember what the statements was tho'.

TIA

 

[themut]

1. Remove the crypto map from the interface
2. Configure the new site
3. Reconfigure the crypto map back to the interface

Failure to do so might lock up the PIX and ALL traffic would be encrypted therefore all conections will fail.

 

[mrhyd3]

David,

Usually all I do is copy 4 of the crypto maps, renumber the map seq # and past with appropriate values. Add the appropriate ACL's, and add pre-share key.

Then I perform a #clear ipsec sa and #clear ipsec sa counters

That usually does it.