Re: IOS-to-IOS IPSec Tunnel Question

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Sun Nov 12 2006 - 07:19:06 ART

• Next message: Alexei Monastyrnyi: "Re: tcp header compression"
• Previous message: Lab Rat #109385382: "Another PIX Question"
• Maybe in reply to: Lab Rat #109385382: "IOS-to-IOS IPSec Tunnel Question"
• Next in thread: Lab Rat #109385382: "RE: IOS-to-IOS IPSec Tunnel Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi.

I have PIX to PIX static to dynamic IPSec peering in production like this.

Remote PIX with dynamic IP address is peering statically with central
PIX that has dynamic crypto map with no peer set up for remote PIX, only
PSK is configured for remote DHCP range.

This is similar to your situation and hub PIX cannot initiate VPN
tunnel, only remote one does that.

A.

Lab Rat #109385382 wrote:
> Is it safe to say that, if RouterA has a static crypto map statement (with
> "set peer") and the RouterB has a dynamic crypto map (sans "set peer"), that
> RouterB will never initiate the connection to RouterA? Only RouterA can
> initiate the connection?
>
> I'm trying to simulate, but the routers automatically keep bringing the
> tunnels back up every time I tear them down.
>
> Appreciate the advice.
>
> Thanks,
>
> Ed
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Alexei Monastyrnyi: "Re: tcp header compression"
• Previous message: Lab Rat #109385382: "Another PIX Question"
• Maybe in reply to: Lab Rat #109385382: "IOS-to-IOS IPSec Tunnel Question"
• Next in thread: Lab Rat #109385382: "RE: IOS-to-IOS IPSec Tunnel Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART