PIX 6.3 and Crypto Map sequence number X with two peers

Unanswered Question

I have a customer in India who wants me to build a crypto map sequence number with two peers. The pix running 6.3 will except the code but I have not seen this done in the past nor can I find any documentaion to support this configuration. Can someone help?

By the way - this is for an active/standby solution which will always be initiated by the customer side


crypto map VPN-TUNNEL 4 set peer x.x.x.x

crypto map VPN-TUNNEL 4 set peer y.y.y.y

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ajagadee Wed, 11/19/2008 - 15:25
User Badges:
  • Cisco Employee,


Yes, this is possible.

crypto map VPN-TUNNEL 4 set peer

crypto map VPN-TUNNEL 4 set peer

For ipsec-isakmp crypto map entries, you can specify multiple peers by repeating this command. The peer that packets are actually sent to is determined by the last peer that the PIX Firewall received either traffic or a negotiation request from for a given data flow. If the attempt fails with the first peer, IKE tries the next peer on the crypto map list.




*Pls rate if it helps*


This Discussion