IPSEC Peer Redundancy

Apr 30th, 2009

If I use multiple set peer statements in a crypto map on an IOS router to allow redundancy, will the router be allowed to both initiate and accept connection requests?


On an ASA, multiple peers can only be used with the initiate-only connection type.

Anonymous (not verified) Wed, 05/06/2009 - 06:44

A crypto map set can contain multiple entries, each with a different access list. The router searches the crypto map entries in order, and attempts to match the packet to the access list specified in that entry.


When a packet matches a permit entry in a particular access list, and the corresponding crypto map entry is tagged as Cisco, connections are established with the remote peer as specified in the set peer statements within the crypto map.


See here:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ipsec_pref_peer_ps6017_TSD_Products_Configuration_Guide_Chapter.html#wp1055028
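
The layout described in the reply above, as an added example that is not part of the original posts or of Cisco's documentation: one crypto map set with two entries, each matching its own access list, and the first entry listing two set peer statements for redundancy. All names, keys and addresses are constructed placeholders (documentation address ranges), and the transform set and ISAKMP policy are assumptions chosen for illustration.

```cisco
! Constructed example: names, keys and addresses are placeholders.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
!
! One pre-shared key per remote peer (placeholder values).
crypto isakmp key EXAMPLE-KEY-1 address 192.0.2.1
crypto isakmp key EXAMPLE-KEY-2 address 192.0.2.2
crypto isakmp key EXAMPLE-KEY-3 address 198.51.100.1
!
crypto ipsec transform-set TS-EXAMPLE esp-aes 256 esp-sha-hmac
!
! Each crypto map entry references its own access list.
ip access-list extended VPN-SITE-A
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
ip access-list extended VPN-SITE-B
 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
!
! Entry 10 is searched first; it lists two peers for the same traffic.
crypto map CMAP-EXAMPLE 10 ipsec-isakmp
 set peer 192.0.2.1
 set peer 192.0.2.2
 set transform-set TS-EXAMPLE
 match address VPN-SITE-A
!
! Entry 20 is searched only if the packet did not match entry 10.
crypto map CMAP-EXAMPLE 20 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-EXAMPLE
 match address VPN-SITE-B
!
interface GigabitEthernet0/0
 crypto map CMAP-EXAMPLE
```

On the router, `show crypto map` lists the entries with their peers and access lists, and `show crypto isakmp sa` shows which peer a tunnel is currently established with.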
