
Cisco IPSec Tunnel Has Two Peers in One Sequence Number - why?

Last Modified: 2019-04-08
In an ISR at a client, they have a Cisco ISR with a VPN tunnel to a business partner. What I'm wondering is why they might have two peers in sequence number 10 and one peer (which also appears in sequence 10) in the second sequence number. The original setter upper is long gone. Is SEQ 10 saying try to connect to 169.45.97.62 but if you can't, connect to 169.45.95.222? If that's the case, why would there be a need for a SEQ 20 which then again references 169.45.97.62? Any thoughts on what the original intent was are appreciated. I would think you'd just want one peer in sequence 10 and then one peer in sequence 20.

crypto map ACMEDYNO 10 ipsec-isakmp
 set peer 169.45.97.62
 set peer 169.45.95.222
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-LA
crypto map ACMEDYNO 20 ipsec-isakmp
 set peer 169.45.107.62
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-DL

Technical Architect
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
amigan_99, Network Engineer

Author

Commented:
Thanks much Pete.
Pete Long, Technical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Not a problem :) ThanQ
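
Added example, not part of the original question or of any comment in this thread: a small Python parser that lists, for each sequence number of the crypto map posted in the question, its peers in configured order and its ACL, and reports any peer that appears under more than one sequence. The order of peers is kept because IOS uses additional set peer lines under one entry as backup peers for that entry; the function names are illustrative.

```python
import re
# Crypto map copied from the question so the example runs offline;
# the function names below are illustrative, not from any Cisco tool.
CONFIG = """\
crypto map ACMEDYNO 10 ipsec-isakmp
 set peer 169.45.97.62
 set peer 169.45.95.222
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-LA
crypto map ACMEDYNO 20 ipsec-isakmp
 set peer 169.45.107.62
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-DL
"""

ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")

def parse_crypto_map(text):
    """Return {(map_name, seq): {"peers": [...], "acl": str or None}}."""
    entries, current = {}, None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = entries.setdefault((m.group(1), int(m.group(2))),
                                         {"peers": [], "acl": None})
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words[:2] == ["set", "peer"] and len(words) >= 3:
                current["peers"].append(words[2])  # configured order is kept
            elif words[:2] == ["match", "address"] and len(words) >= 3:
                current["acl"] = words[2]
        else:
            current = None  # an unindented line ends the crypto map entry
    return entries

def shared_peers(entries):
    """Return {peer: [seq, ...]} for peers listed under more than one sequence."""
    seen = {}
    for (_, seq), entry in entries.items():
        for peer in entry["peers"]:
            seen.setdefault(peer, []).append(seq)
    return {peer: seqs for peer, seqs in seen.items() if len(seqs) > 1}

if __name__ == "__main__":
    parsed = parse_crypto_map(CONFIG)
    for (name, seq), e in parsed.items():
        print(f"{name} seq {seq}: ACL {e['acl']}, peers in order {e['peers']}")
    print("peers shared between sequences:", shared_peers(parsed) or "none")
```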