IPSec Preferred Peer

Unanswered Question
Dec 18th, 2008
User Badges:

Hi everyone,

I am pretty new to vpn configs and am trying to get ipsec preferred peer to work but I am having some problems.

I've tried a failover with the provider. It worked fine but when all interface on the primary telco router were restored I couldn't establish the vpn. I manually removed the peers config, added again and then I was able to establish connection with the default peer

Has anyone tried this kind of config before? I am using a cisco 3845.

crypto map Telecom 160 ipsec-isakmp

set peer default

set peer

set security-association idle-time 60

set transform-set Standard_transform

match address 160

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
muca Mon, 01/05/2009 - 14:53
User Badges:

Hi Iris,

I read that document before. In my case I think the problem is an IOS bug.

bug CSCsc98737

CSCsc98737 Bug Details

VPNSPA:IKE/IPSec default peer functionality with idle timer is not OK



When we configure the default route, every new connection should check for default peer before it starts a new connection. Here that check is not happening.


This Discussion