Comment
Author: Admin | 2025-04-28
Mismatch Reset Traffic selectors mismatch during rekey Reset Crypto map modification Reset HA switchover No Clear crypto IKEv2 SA Reset Clear ipsec sa Reset IKEv2 SA timeout Reset Guidelines for IKEv2 Multi-Peer IKEv1 and IKEv2 Protocols If a crypto map is configured with both the IKE versions and multiple peers, SA attempt is made on each peer with both versions before moving to next peer. For example, if a crypto map is configured with two peers, say P1 and P2, then the tunnel is initiated to P1 with IKEv2, P1 with IKEv1, P2 with IKEv2, and so on. High Availability A crypto map with multiple peers initiates tunnels to the Responder device that is in HA. It moves to the next Responder device when the first device isn’t reachable. An initiator device initiates tunnels to the Responder device. If the active device goes down, the standby device attempts to establish the tunnel from the Peer1 IP address, irrespective of the crypto map moving to the Peer2 IP address on the active device. Centralized Cluster A crypto map with multiple peers can initiate tunnels to the Responder device that is in a Centralized cluster deployment. If the first device is unreachable, it attempts to move to the next Responder device. An initiator device initiates tunnels to the Responder device. Every node in the cluster moves to the next Peer2, if Peer1 isn’t reachable. Distributed Cluster Distributed clustering isn’t supported when an IKEv2 multi-peer crypto map is configured. Multiple Context Modes In
Add Comment