12-18-2008 06:58 PM - edited 02-21-2020 04:05 PM
Hi everyone,
I am pretty new to VPN configs and am trying to get IPsec preferred peer to work, but I am having some problems.
I've tried a failover with the provider. It worked fine, but when all interfaces on the primary telco router were restored I couldn't establish the VPN. I manually removed the peers config, added it again, and then I was able to establish a connection with the default peer 172.31.41.169.
Has anyone tried this kind of config before? I am using a Cisco 3845.
crypto map Telecom 160 ipsec-isakmp
 set peer 172.31.41.169 default
 set peer 172.31.41.170
 set security-association idle-time 60
 set transform-set Standard_transform
 match address 160
12-28-2008 05:43 PM
You must have a properly defined, complete crypto map.
IPSec Preferred Peer:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_ipspp.html
01-05-2009 02:53 PM
Hi Iris,
I read that document before. In my case I think the problem is an IOS bug.
bug CSCsc98737
CSCsc98737 Bug Details
VPNSPA:IKE/IPSec default peer functionality with idle timer is not OK
None
Symptom:
When we configure the default route, every new connection should check for default peer before it starts a new connection. Here that check is not happening.