
IPSEC Peer Redundancy

m.reay
Level 1

If I use multiple set peer statements in a crypto map on an IOS router to allow redundancy, will the router be allowed to both initiate and accept connection requests?

On an ASA multiple peers can only be used with the initiate-only connection type.

1 Reply

Not applicable

A crypto map set can contain multiple entries, each with a different access list. The router searches the crypto map entries in order, and attempts to match the packet to the access list specified in that entry.

When a packet matches a permit entry in a particular access list, and the corresponding crypto map entry is tagged as Cisco, connections are established with the remote peer as specified in the set peer statements within the crypto map.

See here:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ipsec_pref_peer_ps6017_TSD_Products_Configuration_Guide_Chapter.html#wp1055028
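
The crypto map layout described in the reply above, as an added configuration example that is not part of the original post or of Cisco's documentation. The map name, transform-set name, ACL numbers, interface and all addresses are constructed placeholders, and the ISAKMP policy and keys for each peer are assumed to be configured already.

```cisco
! Constructed example: names, ACL numbers, interface and addresses are placeholders.
! ISAKMP policy and pre-shared keys for each peer are assumed to exist already.
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! One access list per crypto map entry selects the traffic to protect.
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 120 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
!
! Entry 10 is searched first. The two set peer statements list the
! redundant remote peers for traffic matching access list 110.
crypto map VPN-MAP 10 ipsec-isakmp
 match address 110
 set peer 192.0.2.1
 set peer 192.0.2.2
 set transform-set TS-AES
!
! Entry 20 is searched only when the packet did not match access list 110.
crypto map VPN-MAP 20 ipsec-isakmp
 match address 120
 set peer 198.51.100.1
 set transform-set TS-AES
!
! The whole crypto map set is applied to the outside interface.
interface GigabitEthernet0/0
 crypto map VPN-MAP
```

`show crypto map` lists each entry with its access list and configured peers, which is a quick way to confirm the order in which entries will be searched.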
