Cisco Bug: CSCvv13396 - ENH: Reducing the timer for the failover when using multiple VPN peers with ikev2
Sep 22, 2020
- Sourcefire Defense Center
Known Affected Releases
Symptom: In versions earlier than 6.6.0, a crypto map with multiple peers was available only with IKEv1. One of the features of 6.6.0 is the ability to also use a multiple-peer crypto map with IKEv2. Nevertheless, if the primary peer IP is unreachable, the device, when acting as initiator, takes about 2 minutes to fail over to the secondary.

crypto map VPNMAP 10 set peer 220.127.116.11 18.104.22.168

Conditions: IKEv2 initiator behavior. IKEv2 initiates a session with a peer, say Peer1. If Peer1 is unreachable for 5 SA_INIT retransmits, a final retransmit is sent. This activity takes about 2 minutes. When Peer1 fails, the SA_INIT message is sent to Peer2. If Peer2 is also unreachable, session establishment is initiated with Peer3 after 2 minutes.