IKEv2 Doesn't support Multiple Peers action to take

andre even
Level 1

Hi,

I have to establish a tunnel from the local FW to a remote FW in L2L.

In case of failure of the remote FW, a tunnel has to be opened with the backup remote FW.

I have proposed to use IKEv2.

But with the following config I get the message: %ASA-4-752009: IKEv2 Doesn't support Multiple Peers

.............

crypto map local-map 30 set peer 22.22.22.22 33.33.33.33

...............

So I have created two crypto maps:

crypto map local-map 30 set peer 22.22.22.22

crypto map local-map 40 set peer 33.33.33.33

The primary tunnel with peer 22.22.22.22 works fine, but with the backup tunnel with peer 33.33.33.33, the IPsec tunnel is up but no interesting traffic enters the tunnel:

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 28, #pkts decrypt: 28, #pkts verify: 28

I first took a capture on the inside interface and I see the counter of the access-list incrementing, but when I take a capture on the outside interface, I don't see any interesting traffic.

I have tried the clear crypto command, but without success.

Equipment: Cluster of Cisco ASA 5510 at rel 8.4.7

Do I have to reboot the FW, or maybe the two crypto maps that I have created are not the right solution?

As an alternative, if I want to maintain both peers on the same line, I can replace IKEv2 with IKEv1.

Best regards.

Andre
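
The counters quoted in the post (zero encaps, non-zero decaps) describe an SA that receives traffic but never sends any. The following Python is an added example, not part of the original post: it reads per-peer `#pkts` counters and labels each peer's SA direction. The `current_peer:` header lines and the counter values for 22.22.22.22 are constructed assumptions; only the 33.33.33.33 counters come from the post.

```python
import re

# Constructed sample: the 33.33.33.33 counters are the ones quoted in the post;
# the "current_peer:" headers and the 22.22.22.22 values are assumptions.
SAMPLE = """\
current_peer: 22.22.22.22
  #pkts encaps: 112, #pkts encrypt: 112, #pkts digest: 112
  #pkts decaps: 97, #pkts decrypt: 97, #pkts verify: 97
current_peer: 33.33.33.33
  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
  #pkts decaps: 28, #pkts decrypt: 28, #pkts verify: 28
"""

PEER_RE = re.compile(r"current_peer:\s*(\d+\.\d+\.\d+\.\d+)")
COUNTER_RE = re.compile(r"#pkts (\w+):\s*(\d+)")


def parse_sa_counters(text):
    """Return {peer: {counter_name: value}}, summing counters per peer."""
    stats, peer = {}, None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            peer = m.group(1)
            stats.setdefault(peer, {})
            continue
        if peer is None:
            continue  # counters seen before any peer header cannot be attributed
        for name, value in COUNTER_RE.findall(line):
            stats[peer][name] = stats[peer].get(name, 0) + int(value)
    return stats


def classify(counters):
    """Label an SA by which directions have carried packets."""
    enc, dec = counters.get("encaps", 0), counters.get("decaps", 0)
    if enc == 0 and dec == 0:
        return "idle"
    if enc == 0:
        return "inbound-only"   # the symptom in the post: decaps without encaps
    if dec == 0:
        return "outbound-only"
    return "bidirectional"


def report(text):
    return {peer: classify(c) for peer, c in parse_sa_counters(text).items()}


if __name__ == "__main__":
    for peer, state in report(SAMPLE).items():
        print(f"{peer}: {state}")
```

An `inbound-only` result means the local firewall is not selecting that SA for outbound traffic, which matches the empty outside-interface capture described in the post.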
