Deactivating Crypto Lists To Modify Ipsec Vpn Parameters - Avaya G250 Administration
Media gateway
Hide thumbs
Also See for G250:
- Administration manual (840 pages) ,
- Reference (812 pages) ,
- Administration (720 pages)
Table of Contents
Advertisement
7. Repeat steps 4, 5 and 6 for every ip-rule you wish to define in the crypto-list.
8. Exit ip-rule context using the exit command.
G350-001(Crypto 901/ip rule default)# exit
G350-001(Crypto 901)#
9. Exit crypto-list context using the exit command.
G350-001(Crypto 901)# exit
G350-001#
Deactivating crypto lists to modify IPSec VPN parameters
Most IPSec VPN parameters cannot be modified if they are linked to an active crypto list. To
modify a parameter linked to an active crypto list, you must first deactivate the list using the
no ip crypto-group command in the context of the interface on which the crypto list is
activated.
Note:
If the crypto list is activated on more than one interface, deactivate the crypto list
Note:
for each of the interfaces on which it is activated.
For example:
G350-001# interface Serial 2/1
G350-001(if: Serial 2/1)# no ip crypto-group
Done!
After modifying IPSec VPN parameters as desired, re-activate the crypto list on the interface
using the ip crypto-group crypto-list-id command. For example:
G350-001# interface Serial 2/1
G350-001(if: Serial 2/1)# ip crypto-group 901
Done!
Tip:
If you wish to change the parameters of a crypto-list, you can use the ip
Tip:
policy-list-copy <old list> <new list> command, edit the new list,
and activate it on the interface. Note that activating the new list will cause all the
current IPSec tunnels to close.
Configuring a site-to-site IPSec VPN
Issue 1.1 June 2005
379
Advertisement
Table of Contents
