I am very keen to know about failover and redundancy of EzVPN hardware clients. I have the following scenario:
HO-Ezvpn server---> Router1---> internet----->><<-------Branch-Router1---L3switch1
DR-Ezvpn server---> Router1---> internet----->><<-------Branch-Router1---L3switch1
I need a solution for EzVPN tunnel failover as below:
1) If the HO EzVPN server goes down, my branch routers should connect to DR.
2) If the branch primary internet link goes down, then Router2 should connect to the HO EzVPN server.
The EzVPN servers are ASA 5520s running version 8.4, and the branch routers are 3925 routers. Both routers are in the same branch. We have two internet links.
The problems which I am facing are: 1) When all devices are up, both of my routers connect to the HO EzVPN server and we face intermittent packet drop issues, as both routers are connected to the same LAN and have the same subnets.
2) I am unable to establish redundancy/failover in this scenario.
My goal is to achieve:
1) Redundancy and failover in this scenario: Router1 connects to the HO EzVPN server, and if the HO EzVPN server is not reachable then it should shift to DR; at the same time the second branch router will serve internet.
If the primary router in the branch goes down, then only Router2 in the branch should establish the EzVPN tunnel. But it's not happening at all: tunnels from both of my routers get activated and we see fluctuation in the network.
I have achieved failover/redundancy with OSPF and HSRP at the network layer for internet and VPN traffic between the branch routers and layer 3 switches, but am unable to do so for EzVPN.
Can anyone guide me or help me achieve this, either by EEM/IP SLA or somehow so that I can stop Router2 from establishing the EzVPN tunnel until Router1 fails?
Please help me to achieve this.
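The following is an added example of one way to approach the two requirements on IOS; it is not configuration from the original post or from Cisco documentation, and it has not been taken from the poster's routers. The peer addresses, group name, pre-shared key, interface names and HSRP group number are constructed placeholders. It assumes two things that should be confirmed on the IOS release in use: that the EzVPN client tries the next configured `peer` when the current one cannot be reached, and that the HSRP uplink tracking the poster already has makes Router2 HSRP active when Router1 or its primary internet link fails.

```cisco
! ===== Router1 (primary branch router) =====
! Automatic client: HO ASA is listed first, DR ASA second. The client
! moves to the next peer only when the current one is unreachable.
crypto ipsec client ezvpn BRANCH
 connect auto
 group BRANCH-GRP key BRANCH-KEY
 mode network-extension
 peer 198.51.100.10
 peer 203.0.113.10
!
interface GigabitEthernet0/0
 description PRIMARY-INTERNET
 crypto ipsec client ezvpn BRANCH
!
interface GigabitEthernet0/1
 description BRANCH-LAN
 crypto ipsec client ezvpn BRANCH inside
!
! ===== Router2 (secondary branch router) =====
! Same client profile, but "connect manual": no tunnel is negotiated
! until an operator or EEM explicitly asks for one. This is what stops
! both routers from advertising the same LAN subnet to the ASA at once.
crypto ipsec client ezvpn BRANCH
 connect manual
 group BRANCH-GRP key BRANCH-KEY
 mode network-extension
 peer 198.51.100.10
 peer 203.0.113.10
!
interface GigabitEthernet0/0
 description SECONDARY-INTERNET
 crypto ipsec client ezvpn BRANCH
!
interface GigabitEthernet0/1
 description BRANCH-LAN
 crypto ipsec client ezvpn BRANCH inside
!
! Bring the tunnel up when this router becomes HSRP active on the LAN
! (Router1 failed, or its tracked uplink decremented its priority).
! Placeholder HSRP group 1 is assumed to exist on GigabitEthernet0/1.
event manager applet EZVPN-CONNECT
 event syslog pattern "HSRP-5-STATECHANGE.*Grp 1 state Standby -> Active"
 action 1.0 cli command "enable"
 action 2.0 cli command "crypto ipsec client ezvpn connect BRANCH"
 action 3.0 syslog msg "Became HSRP active - bringing up EzVPN tunnel"
!
! Tear the tunnel down again as soon as Router1 preempts and takes
! the active role back, so only one router holds a tunnel at any time.
event manager applet EZVPN-DISCONNECT
 event syslog pattern "HSRP-5-STATECHANGE.*Grp 1 state Active -> "
 action 1.0 cli command "enable"
 action 2.0 cli command "clear crypto ipsec client ezvpn BRANCH"
 action 3.0 syslog msg "Lost HSRP active role - clearing EzVPN tunnel"
```

If HSRP is not the right signal for a particular site, the same two applets can instead be driven by an IP SLA probe and a `track` object (`ip sla` / `track N ip sla N reachability` with `event track N state down` and `event track N state up`); the rest of the configuration is unchanged. Whichever trigger is used, the point is that Router2 is `connect manual` by default, so the tunnel exists on only one router at a time and the ASA never sees the branch subnet from two peers simultaneously.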