PIX 6.3 and Crypto Map sequence number X with two peers


I have a customer in India who wants me to build a crypto map sequence number with two peers. The PIX running 6.3 will accept the code, but I have not seen this done in the past, nor can I find any documentation to support this configuration. Can someone help?

By the way - this is for an active/standby solution which will always be initiated by the customer side.

Example:

crypto map VPN-TUNNEL 4 set peer x.x.x.x

crypto map VPN-TUNNEL 4 set peer y.y.y.y

ajagadee Wed, 11/19/2008 - 15:25

Hi,

Yes, this is possible.

crypto map VPN-TUNNEL 4 set peer 1.1.1.1

crypto map VPN-TUNNEL 4 set peer 2.2.2.2

For ipsec-isakmp crypto map entries, you can specify multiple peers by repeating this command. The peer that packets are actually sent to is determined by the last peer that the PIX Firewall received either traffic or a negotiation request from for a given data flow. If the attempt fails with the first peer, IKE tries the next peer on the crypto map list.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1034654

Regards,

Arul

*Pls rate if it helps*
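As an added example (not part of the original thread or of Cisco's documentation): a small audit script for the multi-peer setup described above. It lists the peers of each crypto map sequence in configured order and flags any peer in a multi-peer entry that has no matching `isakmp key` line, since a backup peer without a key cannot complete IKE when the first peer fails. It assumes pre-shared-key authentication and peers written as IP addresses; the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample config (peer 3.3.3.3 and the masked keys are illustrative).
SAMPLE_CONFIG = """\
crypto map VPN-TUNNEL 4 ipsec-isakmp
crypto map VPN-TUNNEL 4 set peer 1.1.1.1
crypto map VPN-TUNNEL 4 set peer 2.2.2.2
crypto map VPN-TUNNEL 5 ipsec-isakmp
crypto map VPN-TUNNEL 5 set peer 3.3.3.3
isakmp key ******** address 1.1.1.1 netmask 255.255.255.255
isakmp key ******** address 3.3.3.3 netmask 255.255.255.255
"""

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (\S+)\s*$")
KEY_RE = re.compile(r"^isakmp key \S+ address (\S+)(?: netmask (\S+))?")

def parse_peers(config):
    """Return {(map_name, seq): [peer, ...]}, peers kept in configured order."""
    peers = defaultdict(list)
    for line in config.splitlines():
        m = PEER_RE.match(line.strip())
        if m:
            peers[(m.group(1), int(m.group(2)))].append(m.group(3))
    return dict(peers)

def parse_key_networks(config):
    """Return the address ranges covered by 'isakmp key' lines."""
    nets = []
    for line in config.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            mask = m.group(2) or "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return nets

def audit(config):
    """Return (entry, peer) pairs: peers of multi-peer entries lacking a key."""
    nets = parse_key_networks(config)
    findings = []
    for entry, plist in sorted(parse_peers(config).items()):
        if len(plist) < 2:
            continue  # single-peer entries are outside this check
        for p in plist:
            if not any(ipaddress.ip_address(p) in n for n in nets):
                findings.append((entry, p))
    return findings
```

On the sample above, `audit(SAMPLE_CONFIG)` reports peer 2.2.2.2 of sequence 4 as having no pre-shared key configured.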
