▀ Redundant IPSec Tunnel Fail-over Configuration
crypto-group <group_name>
match address <acl_name> [ <preference> ]
switchover auto [ do-not-revert ]
end
Notes:
<
ctxt_name
<
group_name
<
acl_name
IPSec Tunnel Failover feature and match the crypto map to a previously defined crypto ACL. For more
information on crypto ACL, refer
Modify ISAKMP Crypto Map Configuration to Match Crypto Group
Use the following example to match the crypto group with ISAKMP crypto map on your system:
configure
context <ctxt_name>
crypto map <map_name1> ipsec-isakmp
match crypto-group <group_name> primary
end
configure
context <ctxt_name>
crypto map <map_name> ipsec-isakmp
match crypto-group <group_name> secondary
end
Notes:
<
ctxt_name
<
group_name
<
map_name1
<
map_name2
Verifying the Crypto Group Configuration
These instructions are used to verify the crypto group configuration.
▄ Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
178
> is the destination context where the Crypto Group is to be configured.
> is name of the Crypto group you want to configure for IPSec tunnel failover support.
> is name of the pre-configured crypto ACL. It is used for configurations not implementing the
Crypto Access Control List (ACL)
> is the system context in which you wish to create and configure the ISAKMP crypto maps.
> is name of the Crypto group configured in the same context for IPSec Tunnel Failover feature.
> is name of the preconfigured ISAKMP crypto map to match with crypto group as primary.
> is name of the preconfigured ISAKMP crypto map to match with crypto group as secondary.
section of this chapter.
IP Security
OL-25069-03