
Adding an ASA5520 to a VPN 3000 Concentrator Load Balance Setup

Sighclops
Level 1

I have 2 VPN 3015 Concentrators running a Load Balance setup. I want to add a new ASA 5520 to the Load Balance Cluster. When I enable the ASA to participate it sees the master VPN 3015 and goes into a backup role but then looks to lose connection and revert to a master role. It continues to go back and forth. I never see the ASA under my VPN 3015 Load balancing Statistics. Not sure what I am missing. The ASA is in the same networks as the Concentrators for both private and public interfaces. Same virtual cluster IP, using the same UDP port, same IPSEC shared Secret. Any direction on troubleshooting this is appreciated.


ggilbert
Cisco Employee

Can you disable encryption and see if it works?

Check the IP addresses and make sure it's not overlapping.

Can you please run the following debugs:

deb cry isa 200

deb cry ipsec 200

Can you please send the output of the following commands:

sh vpn-sessiondb det remote

sh vpn load-balancing

sh run all vpn load

Thanks

Gilbert

I do not want to remove encryption as the VPN 3000s are working fine and being used in a production environment.

Attached is the:

sh vpn-sessiondb det remote

sh vpn load-balancing

sh run all vpn load

deb cry ipsec 200 gave me nothing.

deb cry isa 200 is attached.

Looks to be issues with Phase 1 SAs

I've had a similar problem with two 3060 concentrators where someone deleted/disabled all the IKE proposals but those needed for Remote Access VPN.

I saw the "VCA" connection in the concentrators session monitoring going up and down.

The trick was just to re-enable a specific IKE proposal. (Sorry, I don't have the correct name / settings handy, feel free to ask, when needed.)

I have removed my 2 Concentrators and fired up my 2 ASAs. They are load balancing fine. I had planned on blending in one at a time but decided to do the full cut and had no issues. Thanks for the looks and the few replies.
