SECUR Exam Cram™ 2 (Exam 642-501)

Defining IPSec Peers

For a redundant configuration, you could specify many peers in your crypto map, each with a different IP address:

R1 (config)# crypto map MYMAP 10 ipsec-isakmp
R1 (config-crypto-map)# match ip address 122
R1 (config-crypto-map)# set peer 30.200.200.2
R1 (config-crypto-map)# set peer 30.200.201.2
R1 (config-crypto-map)# set peer 30.200.202.2

In this configuration, R1 would first attempt to create an IPSec session with 30.200.200.2. If this router is unavailable or an error occurs during IKE, then the next router on the list is attempted, which is 30.200.201.2, and so on until an IPSec session is established.

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SECUR Exam Cram™ 2 (Exam 642-501) by Raman Sud, Ken Edelman

Defining IPSec Peers

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly