Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSec Preferred Peer

Hi everyone,

I am pretty new to vpn configs and am trying to get ipsec preferred peer to work but I am having some problems.

I've tried a failover with the provider. It worked fine but when all interface on the primary telco router were restored I couldn't establish the vpn. I manually removed the peers config, added again and then I was able to establish connection with the default peer 172.31.41.169

Has anyone tried this kind of config before? I am using a cisco 3845.

crypto map Telecom 160 ipsec-isakmp

set peer 172.31.41.169 default

set peer 172.31.41.170

set security-association idle-time 60

set transform-set Standard_transform

match address 160

2 REPLIES
Silver

Re: IPSec Preferred Peer

You must have a properly defined, complete crypto map.

IPSec Preferred Peer:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_ipspp.html

New Member

Re: IPSec Preferred Peer

Hi Iris,

I read that document before. In my case I think the problem is an IOS bug.

bug CSCsc98737

CSCsc98737 Bug Details

VPNSPA:IKE/IPSec default peer functionality with idle timer is not OK

None

Symptom:

When we configure the default route, every new connection should check for default peer before it starts a new connection. Here that check is not happening.

235
Views
0
Helpful
2
Replies
CreatePlease to create content