Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
2
Replies

failover of IPsec VPN SPA

HWangLoyalty_2
Level 1
Level 1

‎04-16-2009 10:43 AM - edited ‎02-21-2020 04:12 PM

We have two VPN SPA modules on the different cisco 6500 Routers(12.2(18)SXF. We set up IPsec failover with HSRP and SSP. I think the failover would be oocured when I will upgrade IOS of 6500 and reboot. I wish the original primary SPA could keep active when it is online.But I did not find any priority parameters about failover. My question is do I need force it to become active from standby status like FWSM settings or add "standby priority..." on the configuration of module interface?

Thanks for your advice!

Labels:
0 Helpful
2 Replies 2

smalkeric
Level 6
Level 6

‎04-22-2009 10:33 AM

During an HSRP and IPsec failover, SSP transfers IPsec and ISAKMP SA state information between the active and standby switches, allowing existing VPN connections to be maintained after a switch failover. The standby preempt command is required, and should be configured with no priority or delay options.

0 Helpful

HWangLoyalty_2
Level 1
Level 1
In response to smalkeric

‎04-22-2009 10:38 AM

Thanks, I will try to configure it!

0 Helpful
Customers Also Viewed These Support Documents