×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Ezvpn hardware client failover

Unanswered Question
Mar 28th, 2012
User Badges:

HI Experts,


I am very keen to know on failover and redundancy of ezvpn hardware clietns. I have following scenarion:



HO-Ezvpn server---> Router1---> internet----->><<-------Brnch-Router1---L3switch1

HO-Ezvpn server--->Router1---->internet----->><<--------BranchRouter2---L3Switch2


DR-Ezvpn server---> Router1---> internet----->><<-------Brnch-Router1---L3switch1

DR-Ezvpn server--->Router1---->internet----->><<--------BranchRouter2---L3Switch2



I need solution for ezvpn tunnel failover as below:

1) if HO ezvpn server goes down, my branch routers should connect to DR.

2) If branch primary internet link goes down then router2 should connect to HO ezvpn server


Ezvpn servers are ASA 5520 running 8.4 version and branch router is 3925 routers. both the routers are in same branch. We have two internet links.


Problem which I am facing are: 1) when all devices are up then my both the routers connectes to HO ezvpn server and we face intermittent packet drop issues as both the routers are connected to same lan and have same subnets.

2) I am unable to establsih redundancy/failover in this scenario


My goal is to achieve:

1) redundancy and failover in this scenario like router 1 connectes to HO ezvpn server and if HO ezvpn server is not reachable then shud shift to DR at the same time second branch router will serve internet.


if primary router in branch goes down then only router2 in branch should establish ezvpn tunnel. but its not happening at all. from my both the routers tunnels get activated and we see fluctuation in network.


i have achieved failover/redundancy with OSPF and HSRP at network layer for internet and VPN traffic between branch routers and layer 3 switches but unable to do for ezvpn.


Can anyone guide me or help to achieve this either by eem/ip sla or some how I can stop router2 to establish ezvpn tunnel until router1 fails.


Please help me to achieve this.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion