amigan_99 asked:

Cisco IPSec Tunnel Has Two Peers in One Sequence Number - why?

In an ISR at a client, they have a Cisco ISR with a VPN tunnel to a business partner. What I'm wondering is why they might have two peers
in sequence number 10 and one peer (which also appears in sequence 10) in the second sequence number. The original setter upper is
long gone. Is SEQ 10 saying try to connect to 169.45.97.62 but if you can't, connect to 169.45.95.222? If that's the case, why would there
be a need for a SEQ 20 which then again references 169.45.97.62? Any thoughts on what the original intent was are appreciated. I would
think you'd just want one peer in sequence 10 and then one peer in sequence 20?

crypto map ACMEDYNO 10 ipsec-isakmp
 set peer 169.45.97.62
 set peer 169.45.95.222
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-LA
crypto map ACMEDYNO 20 ipsec-isakmp
 set peer 169.45.107.62
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-DL
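
An added example, not part of the original post: a small Python parser that tabulates, for each crypto map sequence number, the ordered peer list and the ACL it matches, so multi-peer entries and peers reused across entries can be checked from the config text rather than by eye. The function names are hypothetical and the sample input is the configuration quoted in the question.

```python
import re
from collections import defaultdict

# Sample input: the crypto map quoted in the question above.
SAMPLE = """\
crypto map ACMEDYNO 10 ipsec-isakmp
 set peer 169.45.97.62
 set peer 169.45.95.222
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-LA
crypto map ACMEDYNO 20 ipsec-isakmp
 set peer 169.45.107.62
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-DL
"""

HEADER = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp\b")

def parse_crypto_maps(text):
    """Return {(map_name, seq): {"peers": [in config order], "acl": name or None}}."""
    entries, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = entries.setdefault((m.group(1), int(m.group(2))), {"peers": [], "acl": None})
            continue
        if current is None or not line.startswith(" "):
            current = None  # an unindented line ends the crypto map sub-mode
            continue
        words = line.split()
        if words[:2] == ["set", "peer"] and len(words) >= 3:
            current["peers"].append(words[2])  # keep order: IOS treats it as an ordered peer list
        elif words[:2] == ["match", "address"] and len(words) >= 3:
            current["acl"] = words[2]
    return entries

def multi_peer_entries(entries):
    """Entries that list more than one peer for the same protected traffic."""
    return {key: e["peers"] for key, e in entries.items() if len(e["peers"]) > 1}

def peers_in_multiple_entries(entries):
    """Peers that are referenced by more than one sequence number."""
    seen = defaultdict(list)
    for key, e in sorted(entries.items()):
        for peer in e["peers"]:
            seen[peer].append(key)
    return {peer: keys for peer, keys in seen.items() if len(keys) > 1}
```

Calling `parse_crypto_maps()` on the output of `show running-config | section crypto map` gives the same table for a live device.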
ASKER CERTIFIED SOLUTION
Pete Long
amigan_99 (ASKER)

Thanks much Pete.
Not a problem :) ThanQ