Hi tech guys. We have a problem with the connection-type (aka vpn initiator) due to we have two peers (two isp) in both sides of the vpn tunnel...
We need to find a way to can get a one-way initiator vpn. That's easy with only one side with dual isp, dual isp side is answer-only and the single isp side is originate-only, but it become a problem when the single isp side upgrades to dual isp.
It's possible to add a second crypto map setting for the same traffic, the same encryption, but different policy and peer and also as ANSWER-ONLY?
eg.
Cryto map for the first peer...
crypto map outside_map 20 match address outside_20_cryptomap (Same traffic)
crypto map outside_map 20 set connection-type answer-only
crypto map outside_map 20 set peer xxx.xxx.xxx.xxx (Primary ISP for the remote side)
crypto map outside_map 20 set transform-set ESP-3DES-SHA
Cryto map for the second peer...
crypto map outside_map 25 match address outside_20_cryptomap (Same traffic)
crypto map outside_map 25 set connection-type answer-only
crypto map outside_map 25 set peer xxx.xxx.xxx.xxx (Second ISP for the remote side)
crypto map outside_map 25 set transform-set ESP-3DES-SHA
Please help to see if it is possible, thanks.