
Multiple Peers in Crypto Map

Hawk
Level 1

I need to change peer addressing on a VPN tunnel. 1.1.1.1 is the old address & 2.2.2.2 is the new address. My plan was to have both addresses in the crypto map, & when the peer changes on their side to their new 2.2.2.2 address, my assumption is that with the configuration below it will automatically form the tunnel to the new IP. My coworker told me that it may work but that the config I have will restrict my side of the tunnel to only be a responder. My coworker says that when 2 peers are configured, that restricts our side to acting as either or, not both. I'm not sure how that impacts things, if at all. Can someone kindly advise?

crypto map outside_map 90 match address EncryptDomain
crypto map outside_map 90 set peer 1.1.1.1 2.2.2.2
crypto map outside_map 90 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 90 set nat-t-disable

1 Reply

Troy Jackson
Level 1

If you use multiple IPs with the “set peer” command, it acts as a failover for the tunnel. If one peer doesn’t respond, it will try the other. As for the restriction, I’m not sure that’s the case. But it will not impact the tunnel. Being the responder only means the other side started or initiated the tunnel.

Please remember to rate useful posts, by clicking on the star below.
-Troy J.
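
An added example, not part of the thread or of either poster's configuration: a Python check that audits a saved ASA configuration during a peer migration like the one in the question, flagging crypto map entries with a peer list, peers that should be removed after cutover, and peers with no matching tunnel-group. The sample config is constructed from the question's crypto map; entry 80, peer 3.3.3.3, the tunnel-group lines and the function names are assumptions, as is the convention that each LAN-to-LAN peer has a tunnel-group named by its IP address.

```python
import re
from collections import defaultdict

# Constructed sample: the question's entry 90 plus assumed surrounding lines.
SAMPLE_CONFIG = """\
crypto map outside_map 80 match address OtherDomain
crypto map outside_map 80 set peer 3.3.3.3
crypto map outside_map 90 match address EncryptDomain
crypto map outside_map 90 set peer 1.1.1.1 2.2.2.2
crypto map outside_map 90 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 90 set nat-t-disable
tunnel-group 3.3.3.3 type ipsec-l2l
tunnel-group 1.1.1.1 type ipsec-l2l
"""

MAP_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set \S+)\s*(.*)$")
TG_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$")

def parse_crypto_maps(config):
    """Group crypto map lines into {(map_name, seq): {setting: [values]}}."""
    entries = defaultdict(dict)
    for raw in config.splitlines():
        m = MAP_RE.match(raw.strip())
        if m:
            name, seq, key, rest = m.groups()
            entries[(name, int(seq))][key] = rest.split()
    return dict(entries)

def audit_peers(config, retired_peers=()):
    """Return (map, seq, finding, peers) tuples for peer-related issues."""
    lines = [line.strip() for line in config.splitlines()]
    groups = {m.group(1) for m in map(TG_RE.match, lines) if m}
    findings = []
    for (name, seq), settings in sorted(parse_crypto_maps(config).items()):
        peers = settings.get("set peer", [])
        if len(peers) > 1:  # peer list: review once the migration is done
            findings.append((name, seq, "multiple-peers", peers))
        stale = [p for p in peers if p in retired_peers]
        if stale:  # old address still trusted as a tunnel endpoint
            findings.append((name, seq, "retired-peer", stale))
        missing = [p for p in peers if p not in groups]
        if missing:  # assumed convention: tunnel-group named by peer IP
            findings.append((name, seq, "no-tunnel-group", missing))
    return findings

if __name__ == "__main__":
    for finding in audit_peers(SAMPLE_CONFIG, retired_peers={"1.1.1.1"}):
        print(finding)
```

Run it against the saved configuration before the cutover to catch a new peer with no tunnel-group, and again afterwards with the old address in `retired_peers` to confirm it has been removed from the crypto map.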