08-27-2012 04:00 PM
We have a Cisco 3845 router for Site 2 Site VPN tunnels to external business partners. The IOS is (C3845-ADVIPSERVICESK9-M), Version 12.4(15)T8.
One of our partners is doing a DR test and needs to have us swing the VPN traffic to another peer in a test location temporarily. I plan on adding the test hosts to our existing encryption ACL, but instead of building another crypto map, I was wondering if I can add a secondary peer to the existing one? I've not been able to find any config data on this yet so I was hoping someone could confirm if this is a viable approach.
Thanks,
Ray
08-27-2012 10:23 PM
Yes, you can.
You can configure the following under the crypto map:
set peer
08-27-2012 11:51 PM
As Jennifer told you, you can add a second peer. You can also set the keyword "default" to tell the router which peer should be the preferred one.
But it might be that it's not the right solution for your problem. If you have to change the crypto ACL, then it sounds like different IP addresses are reachable behind peer1 than behind peer2. If that is the case, then you should configure a second crypto-map sequence where both have their own crypto ACL with the correct IP definition.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
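The two approaches from the replies above, side by side, as an added example that is not part of the original thread. The map, ACL and transform-set names, all addresses (documentation ranges) and the key are constructed placeholders, and the transform set is assumed to exist already.

```cisco
! Constructed example: 192.0.2.10 = partner production peer,
! 198.51.100.10 = partner DR-test peer. Replace <PRE-SHARED-KEY>.
! Each peer needs its own ISAKMP key statement in both options.
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.10
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.10
!
! ---- Option A: one sequence, two peers, one shared crypto ACL ----
! Both peers are candidates for every ACL entry, so this only fits
! when the same remote networks are reachable behind either peer.
ip access-list extended PARTNER-ACL
 permit ip 10.1.1.0 0.0.0.255 172.16.10.0 0.0.0.255
!
crypto map PARTNER-MAP 10 ipsec-isakmp
 set peer 192.0.2.10 default
 set peer 198.51.100.10
 set transform-set PARTNER-TS
 match address PARTNER-ACL
!
! ---- Option B (alternative to A): one sequence per peer ----
! Each peer gets its own crypto ACL, so DR-test traffic can only be
! encrypted toward the DR peer and production traffic toward production.
ip access-list extended PARTNER-PROD-ACL
 permit ip 10.1.1.0 0.0.0.255 172.16.10.0 0.0.0.255
ip access-list extended PARTNER-DR-ACL
 permit ip 10.1.1.0 0.0.0.255 172.16.99.0 0.0.0.255
!
crypto map PARTNER-MAP 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set PARTNER-TS
 match address PARTNER-PROD-ACL
crypto map PARTNER-MAP 20 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set PARTNER-TS
 match address PARTNER-DR-ACL
```

Option B keeps the temporary DR entry separable: removing sequence 20, its ACL and its key statement after the test leaves the production tunnel definition untouched.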
08-28-2012 07:33 AM
Thanks Jennifer & Karsten,
Yes, you are correct, this wouldn't be the best for a long-term solution. The external partner is doing a DR test and has to bring up the VPN tunnel at another location as part of the test. I was just looking for an alternative to building a whole new crypto map. This may not be much of a time saver anyway since I'd have to add another crypto key statement for the new peer as well.
Thanks for the responses!
Ray