05-29-2012 05:25 AM - edited 03-04-2019 04:30 PM
Hi,
We have a Cisco 2851 router, part code CISCO2851-SEC/K9, that is facing an issue with the set peer configuration. The issue is described below.
Issue: We are facing a problem while configuring set peer; when we try to do this we get an error like 'unable to set peer.maximum number of peer (40)exceeded'.
We suspected an IOS issue, hence we went for an IOS upgrade on this router, but this error still comes up while configuring set peer.
Previous IOS: c2800nm-advsecurityk9-mz.124-15.T7.bin
New IOS: c2800nm-advsecurityk9-mz.124-24.T7.bin
We are attaching a snapshot of the error that comes up while configuring the router with the set peer command, along with the show tech of the router, to help understand this case.
Please suggest on this after checking the provided logs.
Regards,
Ashutosh
05-29-2012 06:21 AM
Hi,
One crypto-map has a limitation of 40 peers configured in it. But why would you want to configure 40 peers on the same cryptomap sequence? Multiple peer values in the same policy are used for redundancy and 40 is more than sufficient.
Configuring multiple peers is equivalent to providing a fallback list. For each tunnel, the IOS attempts to negotiate with the first peer in the list. If that peer does not respond, the IOS works its way down the list until either a peer responds or there are no more peers in the list.
Command reference:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrlres.html#wp1046020
If you need tunnels to multiple peers, then it is better to use multiple cryptomap sequences in the same set. And since you can have 65,000 sequence numbers, you could "potentially" configure 65000 peers that way (depending on DRAM and NVRAM amount).
Kind Regards,
Ivan
Please grade this post if you find it useful.
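The two layouts described in the answer above, side by side, as an added example that is not part of the original thread or the poster's configuration. The names VPN-MAP, TS-AES, ACL-SITE-A and ACL-SITE-B, the interface and all addresses are constructed placeholders; the ISAKMP policy and keys are omitted.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
ip access-list extended ACL-SITE-A
 permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
ip access-list extended ACL-SITE-B
 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
! Sequence 10: ONE remote site reachable through two gateways.
! Multiple "set peer" lines in a single sequence form a fallback list:
! the router tries 192.0.2.1 first and moves to 192.0.2.2 only if the
! first peer does not respond. This list is what the 40-peer limit applies to.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set peer 192.0.2.2
 set transform-set TS-AES
 match address ACL-SITE-A
!
! Sequence 20: a DIFFERENT remote site gets its own sequence number,
! its own peer and its own interesting-traffic ACL, rather than another
! "set peer" line under sequence 10.
crypto map VPN-MAP 20 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES
 match address ACL-SITE-B
!
! All sequences belong to the same crypto map set, applied once to the
! outside interface.
interface GigabitEthernet0/0
 crypto map VPN-MAP
```

Each additional site follows the sequence 20 pattern with a new sequence number and ACL, so no single sequence accumulates peers toward the limit.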