Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Limitation in crypto map regarding "set peer x.x.x.x"


I am using ios 12.2.10b in Cisco router 7206VXR

I noticed that in the same <crypto map "name" 1 ipsec-isakmp>.I can install only 40 peers but I need 160 peers.Is there any limitation in IOS version?


Cisco Employee

Re: Limitation in crypto map regarding "set peer x.x.x.x"

40 peers is the max you cna have. Are you sure you really want 160 backup peers, that doesn't sound right?

I think what you want is 160 peer routers catering for 160 sets of encrypted traffic. By putting all your peer routers under the "1" instance you saying that the second is only ever used if the first is down, the third is only ever used if the first and second are down, and so on. Is this what you want?

Or do you want to encrypt traffic from A to B to peer 1, traffic from A to C to peer 2, traffic from A to D to peer 3, etc. If so then you need to do it like this (note the different instances of the same crypto map, each pointing to a different peer with a different access-list):

crypto map 1 ipsec-isakmp

   set peer

   match address 100

   set transform-set esp3des

crypto map 2 ipsec-isakmp

   set peer

   match address 101

   set transform-set esp3des

crypto map 3 ipsec-isakmp

   set peer

   match address 102

   set transform-set esp3des


access-list 100 permit ip

access-list 101 permit ip

access-list 102 permit ip


Community Member

Re: Limitation in crypto map regarding "set peer x.x.x.x"

Thanks for your answer.

Yes this is what i want.

But I have noticed that if i configure 40 peers in the same crypto map they do not actually treat as backup routers but all peers can be it is more quickly one crypto map with alot of peers than 160 crypto maps with different sequence number.

Thanks in advance

CreatePlease to create content