VPN with HSRP and SSO

Unanswered Question
Apr 30th, 2012

Hi,

I'm trying to configure VPN with HA using HSRP & SSO and everyting works fine but I have some doubts.

                            (192.168.0.1)     R1    (10.0.0.1)------------\

                           /                                                           \

R4(192.168.0.4)--- VIP (192.168.0.10)           VIP (10.0.0.10)  -----(10.0.0.3) R3

                           \                                                          /

                             (192.168.0.2)    R2    (10.0.0.2)-----------/

I ping R4 from R3 and and trafic goes through R1 (with higher HSRP priority) and if I shutdown interface on R1 I have to wait 2-4 minutes till the tunnel up between R2<->R3. Meantime I see messages on R2 (~10x) :

*Apr 30 22:09:35.071: %CRYPTO-4-IKMP_NO_SA: IKE message from 10.0.0.3 has no SA and is not an initialization offer

I thought that SSO functionality keeps the information about the neighboor tunnel and can take the role very fast.

My question: is it OK that the process takes couple of minutes or can be something wrong with my SSO configuration ?

redundancy inter-device

scheme standby HA-out

!

!

redundancy

!

!

ipc zone default

association 1

  no shutdown

  protocol sctp

   local-port 5000

    path-retransmit 10

    assoc-retransmit 10

   remote-port 5000

    remote-ip 10.0.0.1

Thank you for any advice

Hubert

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Discussion

Posted April 30, 2012 at 1:38 PM
Stats:
Replies:0 Avg. Rating:
Views:435 Votes:0
Shares:0
Tags: vpn, hsrp, sso, ha
+

Related Content

Discussions Leaderboard