HI, On Thu, Sep 12, 2013 at 09:49:01PM +0000, Blake Pfankuch - Mailing List wrote: > Working with a vendor who is saying that when we "upgrade" from 12.2.25 to > 15.1.4 on a couple of 2800 series routers holding about 15 IPSec vpn's and > tunnel interfaces with EIGRP across them we are going to have to rewrite all > of the config due to completely new command syntax on 15.1.4 compared to > 12.2.25. > > Has anyone run into this before? I am seeing little differences, but not > crazy amounts...
Without being able to specifically answer your question, I think there's two aspects to it - *usually* IOS does a tremendous job in understanding old configs, and rewriting to new format when upgrading on "main line" trains (when going from stuff like 12.0S to 12.2SB to 12.4, that might not always work) - that "vendor" might have learned that newer IOS have an *additional* way to configure IPSEC - the old way is "crypto map on the outside interface", while the new way is "a tunnel interface with encapsulation IPSEC". If you want to use the new way, you'll have to rewrite your config, but *as far as I understand* "crypto map style" is still supported. So... I would just try it on one box, and if it comes up and all the IPSEC config is borked, go back to 12.2, and go to the lab to see what needs changing :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpsgPUD66PcY.pgp
Description: PGP signature
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/