
L2L VPN connection-type with multiple peers in both sides

pablonetwork
Level 1

Hi tech guys. We have a problem with the connection-type (aka VPN initiator) because we have two peers (two ISPs) on both sides of the VPN tunnel...

We need to find a way to get a one-way initiator VPN. That's easy when only one side has dual ISP: the dual-ISP side is answer-only and the single-ISP side is originate-only. But it becomes a problem when the single-ISP side upgrades to dual ISP.

Is it possible to add a second crypto map setting for the same traffic, with the same encryption but a different policy and peer, and also as ANSWER-ONLY?

E.g.

Crypto map for the first peer...

crypto map outside_map 20 match address outside_20_cryptomap (Same traffic)

crypto map outside_map 20 set connection-type answer-only

crypto map outside_map 20 set peer xxx.xxx.xxx.xxx (Primary ISP for the remote side)

crypto map outside_map 20 set transform-set ESP-3DES-SHA

Crypto map for the second peer...

crypto map outside_map 25 match address outside_20_cryptomap (Same traffic)

crypto map outside_map 25 set connection-type answer-only

crypto map outside_map 25 set peer xxx.xxx.xxx.xxx (Second ISP for the remote side)

crypto map outside_map 25 set transform-set ESP-3DES-SHA

Please help to see if it is possible, thanks.

1 Reply

irisrios
Level 6

Crypto map with different IDs is the way to create multiple crypto maps. This is a working configuration