GETVPN....

Unanswered Question
Nov 23rd, 2009

Hi,

Getting strucked in configuring in GETVPN, all GM's are connected and working fine with KS and share routes for Data Center, how can i connect with DR of all my GM's as they have only one WAN interface which is connected with WAN.

Kindly advice. Thanks in advance

Ragards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Mon, 11/23/2009 - 06:21

Create second GETVPN. On the key servers in the DR site define a second group. On the GM you'll have a second group configured there. Make sure the policies on each KS don't interfere with the others.

Here's a great doc on GETVPN including using multiple groups.

http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fprod%2Fcollateral%2Fvpndevc%2Fps6525%2Fps9370%2Fps7180%2FGETVPN_DIG_version_1_0_External.pdf&pos=5&strqueryid=1&websessionid=q5jCd5qhE75u98N8r0O00fG

Hope it helps.

iqbal-zeeshan Mon, 11/23/2009 - 23:30

Hi Collin,

First Thanks for your reply, i did the same thing which you mentioned in your reply and now its working. But still there is an other issue of maintaining crypto sessions in GM. One cryto session becomes IDLE and DOWN autometically within few minutes althrough there is intersting traffic from DR & DC,after that i have to remove crypto map from GM interface and apply it back than its working fine. Again after few minutes its happening back again.

Kindly find the attached files of KS (DC and DR) and GM. In GM you can find the down and up crypto session. Kindly advice do i need any futher configuration.

Thanks in advance.

Regards

Attachment: 

Actions

This Discussion