PIX 6.3 and Crypto Map sequence number X with two peers
I have a customer in India who wants me to build a crypto map sequence number with two peers. The PIX running 6.3 will accept the code, but I have not seen this done in the past, nor can I find any documentation to support this configuration. Can someone help?
By the way - this is for an active/standby solution which will always be initiated by the customer side.
Re: PIX 6.3 and Crypto Map sequence number X with two peers
Yes, this is possible.
crypto map VPN-TUNNEL 4 set peer 18.104.22.168
crypto map VPN-TUNNEL 4 set peer 22.214.171.124
For ipsec-isakmp crypto map entries, you can specify multiple peers by repeating this command. The peer that packets are actually sent to is determined by the last peer that the PIX Firewall received either traffic or a negotiation request from for a given data flow. If the attempt fails with the first peer, IKE tries the next peer on the crypto map list.
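For context, the two `set peer` lines from the reply placed in a full PIX 6.3 crypto map entry, as an added example that is not part of the original posts. It assumes pre-shared-key authentication; the ACL name, transform-set name, inside networks, ISAKMP policy values and the `<PSK>` placeholder are constructed for illustration, and only the map name, sequence number and peer addresses come from the thread.

```text
: Constructed example: interesting traffic for the tunnel (networks are placeholders)
access-list VPN-ACL permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

: Constructed example: one transform set shared by both peers
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

: Single sequence number (4) carrying both peers, as in the reply above
crypto map VPN-TUNNEL 4 ipsec-isakmp
crypto map VPN-TUNNEL 4 match address VPN-ACL
crypto map VPN-TUNNEL 4 set peer 18.104.22.168
crypto map VPN-TUNNEL 4 set peer 22.214.171.124
crypto map VPN-TUNNEL 4 set transform-set ESP-3DES-SHA
crypto map VPN-TUNNEL interface outside

: With pre-shared keys (assumed here), each peer address needs its own key entry;
: a host netmask keeps the key from matching any other source address
isakmp enable outside
isakmp key <PSK> address 18.104.22.168 netmask 255.255.255.255
isakmp key <PSK> address 22.214.171.124 netmask 255.255.255.255

: Constructed ISAKMP policy; both remote peers must offer a matching one
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Because both peers share one sequence number, they also share the same `match address` ACL and transform set, so the active and standby devices on the remote side need identical phase 1 and phase 2 settings.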