Config Question

[rtiv]

Hello,

Here is my situation. We have 2 PIX520's set up in failover mode over at one of my remote locations. At our main office, we have another 520 in which we set up a site to site VPN with a 506 down at another remote branch office. A while back, we lost our T1 connection at our main office, thus, we changed all the routing to go out of of facility where we have the 2 520's. When that was done, we had to set up the site-site VPN to the other remote branch within the config of the 520's. All is well again with our main office T1 and the site-site VPN is back running from that office. My boss now wants me to remove from the configuration of the 520's failovers, anything referecing that temporary site-site. I'm not sure what to remove. Here is a copy/paste. Could someone tell me the exact commands as I'm new to this.

crypto ipsec transform-set pix56 esp-des esp-sha-hmac
crypto map companyname 1 ipsec-isakmp
crypto map companyname 1 match address 130
crypto map companyname 1 set peer 208.171.12.65
crypto map companyname 1 set transform-set pix56
crypto map companyname interface outside
isakmp enable outside
isakmp key ******** address 208.171.12.65 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 5000

 

[yizhar]

HI.

I guess that you need to remove all the pasted lines, and in addition look for un-needed access-list and "nat 0" statements.
(like access-list 130)

But, without the full picture, we cannot tell you exactly what to do.

Of course you will need to back up the config both before and after the changes, and to test that everything is working fine BOTH before and after changes.

There might also be some left overs at the pix506.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar