04-16-2009 10:43 AM - edited 02-21-2020 04:12 PM
We have two VPN SPA modules on the different cisco 6500 Routers(12.2(18)SXF. We set up IPsec failover with HSRP and SSP. I think the failover would be oocured when I will upgrade IOS of 6500 and reboot. I wish the original primary SPA could keep active when it is online.But I did not find any priority parameters about failover. My question is do I need force it to become active from standby status like FWSM settings or add "standby priority..." on the configuration of module interface?
Thanks for your advice!
04-22-2009 10:33 AM
During an HSRP and IPsec failover, SSP transfers IPsec and ISAKMP SA state information between the active and standby switches, allowing existing VPN connections to be maintained after a switch failover. The standby preempt command is required, and should be configured with no priority or delay options.
04-22-2009 10:38 AM
Thanks, I will try to configure it!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide