Cisco Support Community

New Member

Adding a Second VPN Peer to Existing Tunnel

We have a Cisco 3845 router for Site 2 Site VPN tunnels to external business partners.  The IOS is (C3845-ADVIPSERVICESK9-M), Version 12.4(15)T8.

One of our partners is doing a DR test and needs to have us swing the VPN traffic to another peer in a test location temporarily.  I plan on adding the test hosts to our existing encryption ACL, but instead of building another crypto map, I was wondering if I can add a secondary peer to the existing one?  I've not been able to find any config data on this yet so I was hoping someone could confirm if this is a viable approach.

Thanks,

Ray

Cisco Employee


Yes, you can.

You can configure the following under the crypto map:

set peer

VIP Purple


As Jennifer told you, you can add a second peer. You can also set the keyword "default" to tell the router which peer should be the preferred one.

But it might be that it's not the right solution for your problem. If you have to change the crypto ACL, then it sounds like different IP addresses are reachable behind peer1 than behind peer2. If that is the case, then you should configure a second crypto-map sequence where both have their own crypto ACL with the correct IP definition.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
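
The two approaches from the replies above, side by side, as an added illustration that is not part of the original thread. All names, networks and peer addresses (documentation ranges) are hypothetical, the key is a placeholder, and pre-shared-key authentication is assumed.

```cisco
! Constructed example: 192.0.2.10 = production peer, 198.51.100.10 = DR-test peer.
! Local LAN 10.10.0.0/24, partner production 172.16.1.0/24, partner DR 172.16.2.0/24.
!
crypto isakmp key <PLACEHOLDER-KEY> address 192.0.2.10
! The new peer needs its own key statement in either option.
crypto isakmp key <PLACEHOLDER-DR-KEY> address 198.51.100.10
!
crypto ipsec transform-set TS-PARTNER esp-aes 256 esp-sha-hmac
!
ip access-list extended PARTNER-ACL
 permit ip 10.10.0.0 0.0.0.255 172.16.1.0 0.0.0.255
!
! ---- Option A: second peer on the existing entry ----
! Fits only when both peers front the SAME remote networks,
! because the one crypto ACL applies to whichever peer is used.
crypto map PARTNER-MAP 10 ipsec-isakmp
 set peer 192.0.2.10 default
 set peer 198.51.100.10
 set transform-set TS-PARTNER
 match address PARTNER-ACL
!
! ---- Option B: separate sequence for the DR peer ----
! Use when the DR site has different hosts. Entry 10 keeps its
! single production peer; the DR hosts are matched only by entry 20,
! so production traffic is never encrypted toward the DR peer.
ip access-list extended PARTNER-DR-ACL
 permit ip 10.10.0.0 0.0.0.255 172.16.2.0 0.0.0.255
!
crypto map PARTNER-MAP 20 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set TS-PARTNER
 match address PARTNER-DR-ACL
!
! ---- After the DR test (Option B) ----
! Removing the temporary access is three self-contained deletions:
no crypto map PARTNER-MAP 20
no ip access-list extended PARTNER-DR-ACL
no crypto isakmp key <PLACEHOLDER-DR-KEY> address 198.51.100.10
```

With Option A the test hosts would have to be added to PARTNER-ACL itself, so the temporary entries sit inside the production ACL and have to be picked out by hand once the test ends.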


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member


Thanks Jennifer & Karsten,

Yes you are correct, this wouldn't be the best for a long term solution.  The external partner is doing a DR test and has to bring up the VPN tunnel at another location as part of the test.  I was just looking for an alternative to building a whole new crypto map.  This may not be much of a time saver anyway since I'd have to add another crypto key statement for the new peer as well.

Thanks for the responses!

Ray
