CISCO - Chathura Ariyadasa (He/Him/His)

When working with CISCO router based IPSEC VPN tunnels, we might need to enable HA feature for the continuous connectivity with the remote peer. By default, we use just a single peer IP address. But if the remote peer is dead for some reason, we face issues with IPSEC tunnel failure. In order to mitigate that risk, we can use the feature called “default peer” . What it does is, it enable us to define multiple redundant peers instead of a single peer.

The most preference is always given to the “default” peer. If the default peer IP address is unreachable for any reason, the next available peer will be elected as the tunnel peer. The peer status is detected by a feature called “Dead Peer Detection (DPD)”. So, lets jump into the config,

(NOTE: always verify whether these command-lets are supported by the router)

Configuring a Default Peer

enable
configure terminal
crypto map map-name seq-num ipsec-isakmp profile profile-name
set peer ip-address default
exit

Continue reading “Setting up multiple IPSEC VPN peers on Cisco IOS & IOS XE”

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Category: CISCO

Setting up multiple IPSEC VPN peers on Cisco IOS & IOS XE

All about Firepower Thread Defense