Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
1
Replies

PIX 6.3 and Crypto Map sequence number X with two peers

sarcher
Level 1
Level 1

‎11-19-2008 07:32 AM

I have a customer in India who wants me to build a crypto map sequence number with two peers. The pix running 6.3 will except the code but I have not seen this done in the past nor can I find any documentaion to support this configuration. Can someone help?

By the way - this is for an active/standby solution which will always be initiated by the customer side

Example:

crypto map VPN-TUNNEL 4 set peer x.x.x.x

crypto map VPN-TUNNEL 4 set peer y.y.y.y

Labels:
0 Helpful
1 Reply 1

ajagadee
Cisco Employee
Cisco Employee

‎11-19-2008 03:25 PM

Hi,

Yes, this is possible.

crypto map VPN-TUNNEL 4 set peer 1.1.1.1

crypto map VPN-TUNNEL 4 set peer 2.2.2.2

For ipsec-isakmp crypto map entries, you can specify multiple peers by repeating this command. The peer that packets are actually sent to is determined by the last peer that the PIX Firewall received either traffic or a negotiation request from for a given data flow. If the attempt fails with the first peer, IKE tries the next peer on the crypto map list.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1034654

Regards,

Arul

*Pls rate if it helps*

0 Helpful
Customers Also Viewed These Support Documents