12-18-2008 06:58 PM - edited 02-21-2020 04:05 PM
Hi everyone,
I am pretty new to VPN configs and am trying to get IPsec preferred peer to work, but I am having some problems.
I've tried a failover with the provider. It worked fine, but when all interfaces on the primary telco router were restored I couldn't establish the VPN. I manually removed the peers config, added it again, and then I was able to establish a connection with the default peer 172.31.41.169.
Has anyone tried this kind of config before? I am using a Cisco 3845.
crypto map Telecom 160 ipsec-isakmp
 set peer 172.31.41.169 default
 set peer 172.31.41.170
 set security-association idle-time 60
 set transform-set Standard_transform
 match address 160
12-28-2008 05:43 PM
You must have a properly defined, complete crypto map.
IPSec Preferred Peer:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_ipspp.html
01-05-2009 02:53 PM
Hi Iris,
I read that document before. In my case I think the problem is an IOS bug.
bug CSCsc98737
CSCsc98737 Bug Details
VPNSPA:IKE/IPSec default peer functionality with idle timer is not OK
None
Symptom:
When we configure the default route, every new connection should check for default peer before it starts a new connection. Here that check is not happening.
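An added example, not part of the thread or of Cisco's documentation: a small Python check of a crypto map entry against the preferred-peer conditions in the linked feature guide. That exactly one peer is marked default, that it comes first in the peer list, and that the idle timer takes a trailing `default` keyword are assumptions taken from that guide to confirm against your IOS release; the sample is the entry from the first post.

```python
import re

# Constructed sample: the crypto map entry from the first post, IOS-indented.
SAMPLE = """\
crypto map Telecom 160 ipsec-isakmp
 set peer 172.31.41.169 default
 set peer 172.31.41.170
 set security-association idle-time 60
 set transform-set Standard_transform
 match address 160
"""

HEADER = re.compile(r"crypto map (\S+) (\d+) ipsec-isakmp$")
PEER = re.compile(r"set peer (\S+)(\s+default)?$")
IDLE = re.compile(r"set security-association idle-time (\d+)(\s+default)?$")

def parse_crypto_maps(config):
    """Map (name, seq) -> {'peers': [(ip, is_default)], 'idle': (secs, has_default) or None}."""
    entries, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = entries.setdefault((m[1], int(m[2])), {"peers": [], "idle": None})
        elif not line.startswith(("set ", "match ", "description ")):
            current = None  # any other command ends the crypto map entry
        elif current is not None:
            if m := PEER.match(line):
                current["peers"].append((m[1], m[2] is not None))
            elif m := IDLE.match(line):
                current["idle"] = (int(m[1]), m[2] is not None)
    return entries

def check_preferred_peer(entry):
    """Return findings for one parsed entry; an empty list means every check passed."""
    findings = []
    defaults = [ip for ip, is_default in entry["peers"] if is_default]
    if len(defaults) != 1:
        findings.append(f"expected exactly one default peer, found {len(defaults)}")
    elif not entry["peers"][0][1]:
        findings.append(f"default peer {defaults[0]} is not first in the peer list")
    if entry["idle"] is None:
        findings.append("no idle-time configured for this entry")
    elif not entry["idle"][1]:
        # Assumed syntax: set security-association idle-time <seconds> default
        findings.append("idle-time is set without the 'default' keyword")
    return findings

def audit(config):
    """Run the checks on every crypto map entry found in a config text."""
    return {key: check_preferred_peer(e) for key, e in parse_crypto_maps(config).items()}
```

Calling `audit()` on a saved running-config returns one list of findings per crypto map entry, keyed by map name and sequence number.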