Листовка для Cisco Cisco Packet Data Gateway (PDG)
Redundant IPSec Tunnel Fail-over
▀ Redundant IPSec Tunnel Fail-over (IKEv1)
▄ Cisco StarOS IP Security (IPSec) Reference
104
match address <acl_name> [ <preference> ]
switchover auto [ do-not-revert ]
end
Notes:
<ctxt_name> is the destination context where the Crypto Group is to be configured.
<group_name> is name of the Crypto group you want to configure for IPSec tunnel failover support.
<acl_name> is name of the pre-configured crypto ACL. It is used for configurations not implementing the IPSec
Tunnel Failover feature and match the crypto map to a previously defined crypto ACL. For more information
on crypto ACL, refer to the Access Control chapter of this guide.
on crypto ACL, refer to the Access Control chapter of this guide.
Modifying a ISAKMP Crypto Map Configuration to Match a Crypto Group
Use the following example to match the crypto group with ISAKMP crypto map:
configure
context <ctxt_name>
crypto map <map_name1> ipsec-isakmp
match crypto-group <group_name> primary
end
configure
context <ctxt_name>
crypto map <map_name2> ipsec-isakmp
match crypto-group <group_name> seondary
end
Notes:
<ctxt_name>
is the system context in which you wish to create and configure the ISAKMP crypto maps.
<group_name>
is name of the Crypto group configured in the same context for IPSec Tunnel Failover feature.
<map_name1>
is name of the preconfigured ISAKMP crypto map to match with crypto group as primary.
<map_name2>
is name of the preconfigured ISAKMP crypto map to match with crypto group as secondary.