I have 2 site to setup IPSec VPN, both sites have 2 Internet connections.One site is ASA8.0, and the other is PIX7.2.
I want to setup 2 VPN tunnel to backup each other, the route part I think I can use oject tracking to do the redundacy, but on the VPN configuration, I am confusing about the following 2 different setup:
crypto map FWMAP 10 match address 101
crypto map FWMAP 10 set peer 192.168.6.2
#Secondary for backup
crypto map FWMAP 20 match address 101
crypto map FWMAP 20 set peer 192.168.6.5
crypto map xxxmap 10 ipsec-isakmp
crypto map xxxmap 10 match address A_2_B
crypto map xxxmap 10 set peer 10.1.1.1 !--ISP1
#Secondaru peer for backup
crypto map xxxmap 10 set peer 192.168.1.1 !--ISP2
It seems bother configuration should work? What is the differnce between them?
Not quite how the multi set peer command work, and configuration guide didn't explain that too.
#1 would not work as the ACLs are the same, and it will keep trying to bring that up, and will never hit sequence 20.
#2 may work, but it will be tricky with failover - it would be best to lab it up, and see if you have any problems with various failover scenarios. Make sure you have your keepalives (DPDs) set to delete as soon as a failure is detected.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...