Cisco Support Community
Community Member

Limitation in crypto map regarding "set peer x.x.x.x"

Hello,

I am using IOS 12.2.10b in Cisco router 7206VXR.

I noticed that in the same <crypto map "name" 1 ipsec-isakmp> I can install only 40 peers, but I need 160 peers. Is there any limitation in the IOS version?

Regards

2 REPLIES
Cisco Employee

Re: Limitation in crypto map regarding "set peer x.x.x.x"

40 peers is the max you can have. Are you sure you really want 160 backup peers? That doesn't sound right.

I think what you want is 160 peer routers catering for 160 sets of encrypted traffic. By putting all your peer routers under the "1" instance you're saying that the second is only ever used if the first is down, the third is only ever used if the first and second are down, and so on. Is this what you want?

Or do you want to encrypt traffic from A to B to peer 1, traffic from A to C to peer 2, traffic from A to D to peer 3, etc.? If so, then you need to do it like this (note the different instances of the same crypto map, each pointing to a different peer with a different access-list):

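! <name> is a placeholder for the crypto map name; each sequence number is a separate entry
crypto map <name> 1 ipsec-isakmp
   set peer 1.1.1.1
   match address 100
   set transform-set esp3des
crypto map <name> 2 ipsec-isakmp
   set peer 2.2.2.2
   match address 101
   set transform-set esp3des
crypto map <name> 3 ipsec-isakmp
   set peer 3.3.3.3
   match address 102
   set transform-set esp3des
......
! one access-list per peer; <source> and <destination> (address plus wildcard mask) are placeholders
access-list 100 permit ip <source> <destination>
access-list 101 permit ip <source> <destination>
access-list 102 permit ip <source> <destination>
......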
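The per-peer layout from the reply above, scaled to 160 peers, as an added example that is not part of the original post or Cisco's own tooling. The map name `VPNMAP`, the ACL names, and the sample addresses are assumptions; named extended ACLs are used here instead of the numbered ones in the reply because the 100-199 range holds only 100 lists.

```python
import ipaddress

def build_crypto_map(map_name, transform_set, local_net, sites, seq_step=10):
    """Return IOS config lines: one crypto map sequence entry and one
    named extended ACL per (peer, remote subnet) pair in `sites`."""
    local = ipaddress.ip_network(local_net)
    seen_peers, seen_nets, lines = set(), [], []
    for index, (peer, remote_net) in enumerate(sites, start=1):
        peer_ip = ipaddress.ip_address(peer)        # rejects malformed peers
        remote = ipaddress.ip_network(remote_net)   # rejects host bits set
        if peer_ip in seen_peers:
            raise ValueError(f"duplicate peer {peer}")
        # Entries are evaluated in sequence order, so an overlapping selector
        # would shadow a later entry and send its traffic to the wrong peer.
        for earlier in seen_nets:
            if remote.overlaps(earlier):
                raise ValueError(f"{remote} overlaps {earlier}")
        seen_peers.add(peer_ip)
        seen_nets.append(remote)
        acl = f"{map_name}-ACL-{index:03d}"         # hypothetical naming scheme
        lines += [
            f"ip access-list extended {acl}",
            f" permit ip {local.network_address} {local.hostmask} "
            f"{remote.network_address} {remote.hostmask}",
            f"crypto map {map_name} {index * seq_step} ipsec-isakmp",
            f" set peer {peer_ip}",
            f" set transform-set {transform_set}",
            f" match address {acl}",
        ]
    return lines

# Constructed sample: 160 documentation-range peers, one /24 behind each.
SAMPLE_SITES = [(f"192.0.2.{i}", f"10.1.{i}.0/24") for i in range(1, 161)]

if __name__ == "__main__":
    print("\n".join(build_crypto_map("VPNMAP", "esp3des",
                                     "10.0.0.0/24", SAMPLE_SITES)))
```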

Community Member

Re: Limitation in crypto map regarding "set peer x.x.x.x"

Thanks for your answer.

Yes, this is what I want.

But I have noticed that if I configure 40 peers in the same crypto map, they are not actually treated as backup routers; all peers can be active. So it is quicker to have one crypto map with a lot of peers than 160 crypto maps with different sequence numbers.

Thanks in advance
