Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3387
Views
0
Helpful
5
Replies

CSCud22276 - ENH Multiple Peers support for IKEv2

Fabrizio Chessa
Level 1
Level 1

‎06-02-2017 08:35 AM - edited ‎03-20-2019 09:23 PM

Hi to all,

I check for this bug. One customer required to me one migration from ikev1 to ikev2 and I have issue proposed into this bug.

Does Cisco implement this feature? Is there a release or workaround to solve this?

Thanks in advance

Regards

5 people had this problem
Labels:
0 Helpful
5 Replies 5

farcosre
Cisco Employee
Cisco Employee

‎06-06-2017 09:07 AM

I checked the status and it is still open of the bug, therefore its not available on any Interim Versions. IKEv2 still doesn't support multiple (backup )peers.

0 Helpful

matscosolutions
Level 1
Level 1
In response to farcosre

‎10-09-2017 01:32 AM

Is there a time frame as to when this feature will be available?
0 Helpful

ravichandra.handral1
Level 1
Level 1
In response to matscosolutions

‎12-07-2017 04:10 AM

Hi Guys

 

I checked status,its closed now

 

Any idea which release has feature enabled..Please need your help urgently

0 Helpful

avdwilk1978
Level 1
Level 1

‎01-31-2018 11:19 PM

Hi All,

 

there is a workaround. You can use VTI-tunnels from version 9.8. Use sla-monitor and tracking to check if the tunnel is up.

 

kind regards Alex

0 Helpful

Ben F
Level 1
Level 1
In response to avdwilk1978

‎10-24-2018 06:09 AM

Just ran into this issue, but luckily I had been curious about VTI for just this scenario. Here is my template. I think it should contain all the command you need.

 

!IKEV2 USING VTI CONFIGURATION

sysopt connection tcpmss 1350
sysopt connection preserve-vpn-flows

crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 2
 prf sha256
 lifetime seconds 28800
crypto ikev2 enable OUTSIDE
 
crypto ipsec ikev2 ipsec-proposal S2S_PROPOSAL
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
crypto ipsec profile S2S_PROFILE
 set ikev2 ipsec-proposal S2S_PROPOSAL
!
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key key123
 ikev2 local-authentication pre-shared-key key123
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key key123
 ikev2 local-authentication pre-shared-key key123
!
interface tunnel 1
 nameif A_TO_B_VPN_1
 description "PRIMARY LINK TO SITE B MAIN IP"
 ip address 192.168.168.1 255.255.255.252
 tunnel source interface OUTSIDE
 tunnel destination 1.1.1.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile S2S_PROFILE
!
interface tunnel 2
 nameif A_TO_B_VPN_2
 description "SECONDARY LINK TO SITE B MAIN IP"
 ip address 192.168.168.5 255.255.255.252
 tunnel source interface BACKUP
 tunnel destination 1.1.1.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile S2S_PROFILE
!
interface tunnel 3
 nameif A_TO_B_VPN_3
 description "PRIMARY LINK TO SITE B ALTERNATE IP"
 ip address 192.168.168.1 255.255.255.252
 tunnel source interface OUTSIDE
 tunnel destination 2.2.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile S2S_PROFILE
!
interface tunnel 4
 nameif A_TO_B_VPN_4
 description "SECONDARY LINK TO SITE B ALTERNATE IP"
 ip address 192.168.168.5 255.255.255.252
 tunnel source interface BACKUP
 tunnel destination 2.2.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile S2S_PROFILE
!
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key key123
 ikev2 local-authentication pre-shared-key key123
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key key123
 ikev2 local-authentication pre-shared-key key123
!
route A_TO_B_VPN_1 10.0.0.0 255.255.255.0 1.1.1.1 1 track 1
route A_TO_B_VPN_2 10.0.0.0 255.255.255.0 1.1.1.1 10 track 2
route A_TO_B_VPN_3 10.0.0.0 255.255.255.0 2.2.2.2 20 track 3
route A_TO_B_VPN_4 10.0.0.0 255.255.255.0 2.2.2.2 30

sla monitor 1
 type echo protocol ipIcmpEcho 1.1.1.1 interface OUTSIDE
 num-packets 3
 frequency 10

sla monitor schedule 1 life forever start-time now

track 1 rtr 1 reachability
!
sla monitor 2
 type echo protocol ipIcmpEcho 1.1.1.1 interface BACKUP
 num-packets 3
 frequency 10

sla monitor schedule 2 life forever start-time now

track 2 rtr 2 reachability
!
sla monitor 3
 type echo protocol ipIcmpEcho 2.2.2.2 interface OUTSIDE
 num-packets 3
 frequency 10

sla monitor schedule 3 life forever start-time now

track 3 rtr 3 reachability
!
sla monitor 4
 type echo protocol ipIcmpEcho 2.2.2.2 interface BACKUP
 num-packets 3
 frequency 10

sla monitor schedule 4 life forever start-time now

track 4 rtr 4 reachability
 
 
 
 
 
 
 
 
 
 
 
 
 
 

0 Helpful
Customers Also Viewed These Support Documents