I have two router on the internet. One of them establish a VPN connection with the other one. This work well, but I want to make a VPN in a "two-way" connection. The first router can establish the VPN to the second router and the second to the first.
If these are the only sites then you can just have this config, if there are many more sites which need the dynamic ipsec, you can have that too with the static ipsec ensure that the static ipsec comes bfor the dynamic ipsec in the crypto sequence.
I think that Gautam is saying something implicitly and I think it may help to make it explicit. The original config uses dynamic cyrpto map. The advantage of dymanic crypto map is that it can support multiple remote peers without having to configure any remote peers. But dymanic crypto map sessions can only be initiated from the remote.
Gautam is suggesting that router 1 change from dynamic crypto map to static crypto map (at least for the connection to router 2). The advantage of static crypto map is that either peer may initiate the connection. But static crypto map must explicitly configure each remote peer.
So whether anything needs to be removed depends on whether there are other remote peers. My guess, based on what is contained in the original post, is that there are only two routers involved in this. If that is so, then remove the dynamic crypto map and replace it with the static crypto map. If there are other remote peers then retain the dynamic crypto map.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :