Dean, What you have stated is correct. An additional detail would be that the reactivate primary peer configuration will also rely on dead peer detection to tear down the tunnel in the event of inactivity and attempt to reconnect to the primary peer.
On Sun, Aug 16, 2009 at 1:05 PM, Dean Armada<[email protected]> wrote: > Hi, > > I have 2 different configurations of EZPVN. One has DEFAULT on the 1st peer > IP address and the other has none from . From my understanding the > difference between the configurations is: > > A. It always look at the previous or existing peer connected to. > B. It always look at the default peer (1.1.1.1). If the tunnel went down or > SA expiration, it always first attempt to establish connection to 1.1.1.1 > regardless of the previous or existing connection. > > A. 2 Peers with out default: > > crypto ipsec client ezvpn EZVPN > connect auto > group CISCO key 6 CISCO123 > mode network-extension > peer 1.1.1.1 > peer 2.2.2.2 > > B. 2 Peers with default: > > crypto ipsec client ezvpn EZVPN > connect auto > group CISCO key 6 CISCO123 > mode network-extension > peer 1.1.1.1 default > peer 2.2.2.2 > > I might be wrong or may be lacking something. Please post any additional > information. > > Thanks > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
