IPSec Preferred Peer

Unanswered Question
Dec 18th, 2008
User Badges:

Hi everyone,

I am pretty new to vpn configs and am trying to get ipsec preferred peer to work but I am having some problems.


I've tried a failover with the provider. It worked fine but when all interface on the primary telco router were restored I couldn't establish the vpn. I manually removed the peers config, added again and then I was able to establish connection with the default peer 172.31.41.169


Has anyone tried this kind of config before? I am using a cisco 3845.


crypto map Telecom 160 ipsec-isakmp

set peer 172.31.41.169 default

set peer 172.31.41.170

set security-association idle-time 60

set transform-set Standard_transform

match address 160


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
muca Mon, 01/05/2009 - 14:53
User Badges:

Hi Iris,

I read that document before. In my case I think the problem is an IOS bug.


bug CSCsc98737


CSCsc98737 Bug Details

VPNSPA:IKE/IPSec default peer functionality with idle timer is not OK

None

Symptom:

When we configure the default route, every new connection should check for default peer before it starts a new connection. Here that check is not happening.


Actions

This Discussion