I have 2 sites to set up an IPSec VPN; both sites have 2 Internet connections. One site is ASA 8.0, and the other is PIX 7.2.
I want to set up 2 VPN tunnels to back each other up. For the routing part I think I can use object tracking to do the redundancy, but on the VPN configuration, I am confused about the following 2 different setups:
crypto map FWMAP 10 match address 101
crypto map FWMAP 10 set peer 192.168.6.2
#Secondary for backup
crypto map FWMAP 20 match address 101
crypto map FWMAP 20 set peer 192.168.6.5

crypto map xxxmap 10 ipsec-isakmp
crypto map xxxmap 10 match address A_2_B
crypto map xxxmap 10 set peer 10.1.1.1 !--ISP1
#Secondary peer for backup
crypto map xxxmap 10 set peer 192.168.1.1 !--ISP2
It seems both configurations should work? What is the difference between them?
I'm not quite sure how the multiple set peer command works, and the configuration guide didn't explain that either.
#1 would not work as the ACLs are the same, and it will keep trying to bring that up, and will never hit sequence 20.
#2 may work, but it will be tricky with failover - it would be best to lab it up, and see if you have any problems with various failover scenarios. Make sure you have your keepalives (DPDs) set to delete as soon as a failure is detected.
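The shadowing problem described in the answer above can be checked mechanically before a config is deployed. The following is an added example, not code from either poster: a small Python audit that parses crypto map lines, flags any sequence whose ACL is already matched by a lower sequence in the same map, and lists entries carrying more than one peer. The function names are hypothetical, the sample config is constructed from the two setups in the question, and it assumes repeated `set peer` lines for one sequence accumulate into a single peer list.

```python
import re
from collections import defaultdict
# Constructed sample: the two crypto map layouts quoted in the question.
SAMPLE_CONFIG = """\
crypto map FWMAP 10 match address 101
crypto map FWMAP 10 set peer 192.168.6.2
crypto map FWMAP 20 match address 101
crypto map FWMAP 20 set peer 192.168.6.5
crypto map xxxmap 10 ipsec-isakmp
crypto map xxxmap 10 match address A_2_B
crypto map xxxmap 10 set peer 10.1.1.1 !--ISP1
crypto map xxxmap 10 set peer 192.168.1.1 !--ISP2
"""
LINE_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (.+)$")

def parse_crypto_maps(config):
    """Return {map_name: {seq: {"acl": str or None, "peers": [str, ...]}}}."""
    maps = defaultdict(dict)
    for raw in config.splitlines():
        m = LINE_RE.match(raw.split("!")[0].strip())  # drop trailing "!" remarks
        if not m:
            continue  # lines such as "ipsec-isakmp" carry no ACL or peer
        name, seq, kind, value = m.groups()
        entry = maps[name].setdefault(int(seq), {"acl": None, "peers": []})
        if kind == "match address":
            entry["acl"] = value.strip()
        else:
            # Assumption: repeated "set peer" lines add to the same peer list.
            entry["peers"].extend(value.split())
    return maps

def audit(config):
    """Flag sequences shadowed by a lower sequence with the same ACL."""
    findings = []
    for name, entries in parse_crypto_maps(config).items():
        first_seq = {}  # ACL name -> lowest sequence number that matches it
        for seq in sorted(entries):
            acl, peers = entries[seq]["acl"], entries[seq]["peers"]
            if acl in first_seq:
                findings.append((name, seq, "shadowed", first_seq[acl]))
            elif acl is not None:
                first_seq[acl] = seq
            if len(peers) > 1:
                findings.append((name, seq, "multi-peer", tuple(peers)))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A "shadowed" finding corresponds to setup #1, where sequence 20 is never reached; a "multi-peer" finding marks an entry like setup #2, whose failover behaviour should be lab-tested.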