10-14-2003 01:28 AM - edited 03-09-2019 05:08 AM
Hello,
I am using ios 12.2.10b in Cisco router 7206VXR
I noticed that in the same <crypto map "name" 1 ipsec-isakmp>.I can install only 40 peers but I need 160 peers.Is there any limitation in IOS version?
Regards
10-14-2003 08:36 PM
40 peers is the max you cna have. Are you sure you really want 160 backup peers, that doesn't sound right?
I think what you want is 160 peer routers catering for 160 sets of encrypted traffic. By putting all your peer routers under the "1" instance you saying that the second is only ever used if the first is down, the third is only ever used if the first and second are down, and so on. Is this what you want?
Or do you want to encrypt traffic from A to B to peer 1, traffic from A to C to peer 2, traffic from A to D to peer 3, etc. If so then you need to do it like this (note the different instances of the same crypto map, each pointing to a different peer with a different access-list):
crypto map
set peer 1.1.1.1
match address 100
set transform-set esp3des
crypto map
set peer 2.2.2.2
match address 101
set transform-set esp3des
crypto map
set peer 3.3.3.3
match address 102
set transform-set esp3des
......
access-list 100 permit ip
access-list 101 permit ip
access-list 102 permit ip
......
10-14-2003 11:39 PM
Thanks for your answer.
Yes this is what i want.
But I have noticed that if i configure 40 peers in the same crypto map they do not actually treat as backup routers but all peers can be active.so it is more quickly one crypto map with alot of peers than 160 crypto maps with different sequence number.
Thanks in advance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide