IPSec Preferred Peer

Unanswered Question
Dec 18th, 2008

Hi everyone,

I am pretty new to VPN configs and am trying to get IPSec preferred peer to work, but I am having some problems.

I've tried a failover with the provider. It worked fine, but when all interfaces on the primary telco router were restored I couldn't establish the VPN. I manually removed the peers config, added it again, and then I was able to establish a connection with the default peer 172.31.41.169.

Has anyone tried this kind of config before? I am using a Cisco 3845.

crypto map Telecom 160 ipsec-isakmp
 set peer 172.31.41.169 default
 set peer 172.31.41.170
 set security-association idle-time 60
 set transform-set Standard_transform
 match address 160

muca Mon, 01/05/2009 - 14:53

Hi Iris,

I read that document before. In my case I think the problem is an IOS bug.

bug CSCsc98737

CSCsc98737 Bug Details

VPNSPA:IKE/IPSec default peer functionality with idle timer is not OK

None

Symptom:

When we configure the default route, every new connection should check for default peer before it starts a new connection. Here that check is not happening.
