I have a customer connected to my company with a site-to-site IPsec VPN tunnel. This customer wants to have a second router that works as a backup in case the first router fails.
I'm working with VRF-aware IPsec and I have configured a profile for this customer, and I want to configure both peers in the same crypto map.
My questions are:
1. Is it possible to configure two "match identity address" entries in the crypto isakmp profile for two different peers?
2. Is it possible to configure two "pre-shared-key address" entries in the crypto keyring for two different peers? Can I use the same pre-shared key for both?
3. If I configure "set peer 22.214.171.124 default" and this peer fails, the connection will be established with the second peer. What happens if the default peer is available again? Does the VPN tunnel remain on 126.96.36.199, or will the VPN tunnel be closed and then a new connection started to the default peer?
4. What happens if the peers are configured without "default"? The first peer fails, then the connection will be established with the second one, and if the second one fails the connection will be established with the first one, and so on?
This is my configuration:
ip vrf customer
 route-target export 5:5
 route-target import 5:5
crypto map mymap 90 ipsec-isakmp
 set peer 188.8.131.52
 set peer 184.108.40.206
 set transform-set tset_3des-sha
 set isakmp-profile isakmp_ABC
 match address acl_ABC
crypto isakmp profile isakmp_ABC
 match identity address 220.127.116.11 255.255.255.255
 match identity address 18.104.22.168 255.255.255.255 -> is it possible to configure?
 keepalive 10 retry 2
crypto keyring kring_ABC
 pre-shared-key address 22.214.171.124 key cisco
 pre-shared-key address 126.96.36.199 key cisco -> is it possible to configure?