We have a Cisco 3845 router for Site 2 Site VPN tunnels to external business partners. The IOS is (C3845-ADVIPSERVICESK9-M), Version 12.4(15)T8.
One of our partners is doing a DR test and needs to have us swing the VPN traffic to another peer in a test location temporarily. I plan on adding the test hosts to our existing encryption ACL, but instead of building another crypto map, I was wondering if I can add a secondary peer to the existing one? I've not been able to find any config data on this yet so I was hoping someone could confirm if this is a viable approach.
As Jennifer told you, you can add a second peer. You can also set the keyword "default" to tell the router which peer should be the preferred one.
But it might be that it's not the right solution for your problem. If you have to change the crypto ACL, then it sounds like different IP addresses are reachable behind peer1 than behind peer2. If that is the case, then you should configure a second crypto-map sequence where both have their own crypto ACL with the correct IP definition.
Yes, you are correct, this wouldn't be the best for a long-term solution. The external partner is doing a DR test and has to bring up the VPN tunnel at another location as part of the test. I was just looking for an alternative to building a whole new crypto map. This may not be much of a time saver anyway since I'd have to add another crypto key statement for the new peer as well.
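The two approaches discussed in this thread, side by side, as an added configuration sketch that is not from any of the posters. The map name, ACL names, transform-set name, key placeholders and the documentation-range addresses are all constructed; the transform set is assumed to exist already.

```cisco
! Constructed example values throughout (RFC 5737 addresses, placeholder keys).
! Either way, the new peer needs its own pre-shared key entry.
crypto isakmp key <PRODUCTION-KEY> address 192.0.2.10
crypto isakmp key <DR-TEST-KEY> address 192.0.2.20

! --- Option A: one sequence, two peers, one shared crypto ACL ---
! Fits only when the SAME remote networks are reachable behind both peers.
! "default" marks the preferred peer; the second peer is the alternate.
crypto map PARTNER-MAP 10 ipsec-isakmp
 set peer 192.0.2.10 default
 set peer 192.0.2.20
 set transform-set TS-AES
 match address PARTNER-ACL

! --- Option B: a second sequence with its own crypto ACL ---
! Use this instead of Option A when different hosts sit behind each peer,
! so each peer is only offered the traffic selectors that belong to it.
ip access-list extended PARTNER-PROD-ACL
 permit ip 198.51.100.0 0.0.0.255 203.0.113.0 0.0.0.127
ip access-list extended PARTNER-DR-ACL
 permit ip 198.51.100.0 0.0.0.255 203.0.113.128 0.0.0.127

crypto map PARTNER-MAP 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set TS-AES
 match address PARTNER-PROD-ACL
crypto map PARTNER-MAP 20 ipsec-isakmp
 set peer 192.0.2.20
 set transform-set TS-AES
 match address PARTNER-DR-ACL
```

With Option B the DR sequence, its ACL and its key line can be removed as a unit once the test ends, which leaves the production entry untouched.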