Cisco IPSec Tunnel Has Two Peers in One Sequence Number - why?

Asked by amigan_99
Topics: Networking, Internet Protocol Security, Cisco
In an ISR at a client, they have a Cisco ISR with a VPN tunnel to a business partner. What I'm wondering is why they might have two peers in sequence number 10 and one peer (which also appears in sequence 10) in the second sequence number. The original setter-upper is long gone. Is SEQ 10 saying try to connect to 169.45.97.62 but if you can't, connect to 169.45.95.222? If that's the case, why would there be a need for a SEQ 20 which then again references 169.45.97.62? Any thoughts on what the original intent was are appreciated. I would think you'd just want one peer in sequence 10 and then one peer in sequence 20.

crypto map ACMEDYNO 10 ipsec-isakmp
 set peer 169.45.97.62
 set peer 169.45.95.222
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-LA
crypto map ACMEDYNO 20 ipsec-isakmp
 set peer 169.45.107.62
 set transform-set ACMEDYNO
 set pfs group2
 match address CRYPTO-ACMEDYNO-DL
ASKER CERTIFIED SOLUTION
Pete Long
Solutions Architect