05-01-2018 05:34 PM - edited 03-12-2019 05:15 AM
I need an ASA to establish a VPN for a remote network that has redundant ISPs and therefore it also has multiple peer IPs. So the question is: should I add both remote IPs to one cryptomap sequence or should I create two sequences? Note that I do not/cannot do load balancing. This should work as a primary/secondary setup. Will both of these examples work? If so, are there pros and cons of each?
Thanks,
Diego
Option A:
crypto map cryptomap 10 match address acl_cryptomap
crypto map cryptomap 10 set peer 1.1.1.1 2.2.2.2
crypto map cryptomap 10 set ikev1 transform-set DES-SHA
crypto map cryptomap 10 set ikev2 pre-shared-key *****
Option B:
crypto map cryptomap 10 match address acl_cryptomap
crypto map cryptomap 10 set peer 1.1.1.1
crypto map cryptomap 10 set ikev1 transform-set DES-SHA
crypto map cryptomap 10 set ikev2 pre-shared-key *****
crypto map cryptomap 20 match address acl_cryptomap
crypto map cryptomap 20 set peer 2.2.2.2
crypto map cryptomap 20 set ikev1 transform-set DES-SHA
crypto map cryptomap 20 set ikev2 pre-shared-key *****
05-01-2018 06:58 PM
05-02-2018 12:48 PM
Cool, good to know.
So out of curiosity, what would the behavior be if I used the other option?
Thanks,
Diego
05-02-2018 07:12 PM