IPSec Preferred Peer

muca
Level 3

Hi everyone,

I am pretty new to VPN configs and am trying to get IPSec preferred peer to work, but I am having some problems.

I've tried a failover with the provider. It worked fine, but when all interfaces on the primary telco router were restored I couldn't establish the VPN. I manually removed the peers config, added it again, and then I was able to establish a connection with the default peer 172.31.41.169.

Has anyone tried this kind of config before? I am using a Cisco 3845.

crypto map Telecom 160 ipsec-isakmp
 set peer 172.31.41.169 default
 set peer 172.31.41.170
 set security-association idle-time 60
 set transform-set Standard_transform
 match address 160

2 Replies

irisrios
Level 6

You must have a properly defined, complete crypto map.

IPSec Preferred Peer:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_ipspp.html

Hi Iris,

I read that document before. In my case I think the problem is an IOS bug.

bug CSCsc98737

CSCsc98737 Bug Details

VPNSPA:IKE/IPSec default peer functionality with idle timer is not OK

None

Symptom:

When we configure the default route, every new connection should check for default peer before it starts a new connection. Here that check is not happening.