Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

GET VPN Duplicatre Primary Cooperative Key Servers

I've recently setup GET VPN Cooperative Key Servers, 1 with a priority of 100 and the other a priority of 75. Initially the KS with a priority of 100 comes up as primary, and the other as secondary, as expected

About 2 minutes later, the secondary transitions to Primary, at which point both KS remain primary.

Both KS are NAT behind separate Group Members. Each are on different ends of an MPLS circuit, in different states.

Any help suggestions?

Below is the output from each KS, using sh crypto gdoi ks coop

Crypto Gdoi Group Name :gdoi-group

Group handle: 2147483650, Local Key Server handle: 2147483650

Local Address: 10.116.127.5

Local Priority: 100

Local KS Role: Primary , Local KS Status: Alive

Primary Timers:

Primary Refresh Policy Time: 20

Remaining Time: 5

Antireplay Sequence Number: 33

Peer Sessions:

Session 1:

Server handle: 2147483663

Peer Address: 68.138.128.186

Peer Priority: 75

Peer KS Role: Primary , Peer KS Status: Alive

Antireplay Sequence Number: 34

IKE status: Established

Counters:

Ann msgs sent: 27

Ann msgs sent with reply request: 5

Ann msgs recv: 37

Ann msgs recv with reply request: 2

Packet sent drops: 1

Packet Recv drops: 39

Total bytes sent: 18759

Total bytes recv: 17589

Crypto Gdoi Group Name :gdoi-group

Group handle: 2147483650, Local Key Server handle: 2147483650

Local Address: 10.108.127.5

Local Priority: 75

Local KS Role: Primary , Local KS Status: Alive

Primary Timers:

Primary Refresh Policy Time: 20

Remaining Time: 0

Antireplay Sequence Number: 34

Peer Sessions:

Session 1:

Server handle: 2147483655

Peer Address: 68.138.171.130

Peer Priority: 100

Peer KS Role: Primary , Peer KS Status: Alive

Antireplay Sequence Number: 31

IKE status: Established

Counters:

Ann msgs sent: 31

Ann msgs sent with reply request: 2

Ann msgs recv: 68

Ann msgs recv with reply request: 4

Packet sent drops: 3

Packet Recv drops: 72

Total bytes sent: 33825

Total bytes recv: 36504

Thank you.

1 REPLY
Silver

Re: GET VPN Duplicatre Primary Cooperative Key Servers

For the configuration of 10.108.127.5 I see Local KS Role: Primary , Local KS Status: Alive . You can try changing the Local KE role to secondary.

213
Views
0
Helpful
1
Replies
CreatePlease to create content