Configuring an ISAKMP peer-group

Last Updated : Nov 06, 2012

About this task

An ISAKMP peer-group maintains an ordered list of redundant peers. The purpose of the peer-group is to provide a backup if the remote peer fails. At any point in time, only one peer is active and acting as the remote peer. If the active peer is presumed dead, the next peer in the peer-group becomes the active remote peer. For a full explanation of the redundancy mechanism, see Introduction to the failover mechanism.

Note:

You can define up to 50 peer-groups.

Note:

A peer configured as initiate mode none cannot be a member of a peer-group.

Procedure

  1. Use the crypto isakmp peer-group command, followed by the name of a peer-group (a string of up to 110 characters), to enter the context of an ISAKMP peer-group (and to create the peer-group if it does not exist).

    For example:

    Gxxx-001# crypto isakmp peer-group NY-VPN-group
    Gxxx-001(config-peer-grp:NY-VPN-group)#
  2. Use the description command to enter a description for the ISAKMP peer-group.

    For example:

    Gxxx-001(config-peer-grp:NY-VPN-group)# description Avaya peer group
    Done!
  3. Add a peer to the list of peers in the group, using the set peer command:

    Specify the peer’s name or address.

    Note:

    You can define up to five peers in a peer-group.

    Important:

    Each of the peers listed in the peer-group must be configured as an ISAKMP peer (see Configuring ISAKMP peer information).

    Optionally enter an index number, specifying the relative position of the peer within the peer-group. If you do not enter an index number, the peer is added at the end of the peer-group list, and is assigned an index following the last peer’s index.

    For example:

    Gxxx-001(config-peer-grp:NY-VPN-group)# set peer 149.49.52.135 1
    Done!
  4. Repeat Step 3 for every peer you want to add to the list.
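
The following added example (not Avaya code) checks a planned peer-group design against the limits stated in this procedure before any command is entered, then renders the commands from steps 1 to 4 with an explicit index on every set peer. The function names, the inventory format, and the addresses other than 149.49.52.135 are assumptions made for illustration.

```python
# Added example, not vendor code: checks a planned peer-group design against
# the limits stated on this page, then renders the commands from the procedure.
MAX_GROUPS, MAX_PEERS, MAX_NAME = 50, 5, 110

def lint_peer_groups(groups, isakmp_peers):
    """groups: {group_name: [peer, ...]} listed in failover order.
    isakmp_peers: {peer: initiate_mode} for peers already configured.
    Returns a list of violations; an empty list means the plan is valid."""
    errors = []
    if len(groups) > MAX_GROUPS:
        errors.append(f"{len(groups)} peer-groups planned, limit is {MAX_GROUPS}")
    for name, peers in groups.items():
        if not 1 <= len(name) <= MAX_NAME:
            errors.append(f"{name[:20]!r}: name must be 1-{MAX_NAME} characters")
        if len(peers) > MAX_PEERS:
            errors.append(f"{name}: {len(peers)} peers, limit is {MAX_PEERS}")
        # Not a documented rule: a repeated peer adds no redundancy.
        if len(set(peers)) != len(peers):
            errors.append(f"{name}: peer listed more than once")
        for peer in dict.fromkeys(peers):
            if peer not in isakmp_peers:
                errors.append(f"{name}: {peer} is not a configured ISAKMP peer")
            elif isakmp_peers[peer] == "none":
                errors.append(f"{name}: {peer} uses initiate mode none")
    return errors

def render_commands(name, description, peers):
    """Commands from steps 1-4, with an explicit index on every set peer
    so the failover order does not depend on entry order."""
    cmds = [f"crypto isakmp peer-group {name}", f"description {description}"]
    cmds += [f"set peer {peer} {i}" for i, peer in enumerate(peers, start=1)]
    return cmds

if __name__ == "__main__":
    # Constructed inventory; "main" is a placeholder for any mode other than none.
    inventory = {"149.49.52.135": "main", "192.0.2.10": "main", "192.0.2.20": "none"}
    plan = {"NY-VPN-group": ["149.49.52.135", "192.0.2.10"]}
    problems = lint_peer_groups(plan, inventory)
    for p in problems:
        print("ERROR:", p)
    if not problems:
        for group, peers in plan.items():
            print("\n".join(render_commands(group, "Avaya peer group", peers)))
```

Run it against the planned design and the current list of ISAKMP peers; paste the rendered commands only when no violations are reported.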