Pix 2 pix vpn: multiple peers in 1 crypto-map sequence...
I'm going NUTS! Let me elaborate on why:
We have 3 head-offices call them A, B and C. These are linked to each other via High BW leased lines. The smaller remote sites are connected to the main sites via internet-vpn. Now the problem is that we have crypto maps set-up like this:
And the peer that gets the tunnel is not always the one I'd expect, namely the first in the row. The tunnel also swaps peers at intermittent intervals, which causes havoc on the HQ network. Any suggestions are welcome...
Are the source and destination IPs the same for all the HQ connections? I could see a single HQACL being applied for all three connections... In these cases, the peer given first (HQ A) will have the site-to-site tunnel created when an interesting packet is triggered from the HQACL... When this isn't reachable, it creates a tunnel on the second peer, HQ B... This is the way it should happen...
Since you said all three HQ sites are connected using high-bandwidth lines, I assumed the ACL has the IPs of all three sites in it as destinations... As for the peers, it goes in order of config... It goes to the next one if the previous peer is not reachable at the time of negotiation. So, when an SA is about to expire and triggers a renegotiation, I guess the primary peer is momentarily not available, which prompts the use of the second peer, and so on. That's the only logical explanation for what you are seeing.