08-16-2007 12:44 PM - edited 03-09-2019 06:37 PM
Hi,
I've recently "synchronised" the configuration of our 2 3020 boxes using http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_tech_note09186a008050643e.shtml
The only differences I can see in the config now are the IP addressing, hostnames, and master/backup1. However, during a failover test, none of our remote VPN3002 hardware clients will establish a connection to the secondary concentrator when it is active. L2L sessions do come up, however. Just the remote sessions from the HW clients fail.
Any help would be great.
Thanks,
Andy.
08-22-2007 02:21 PM
The Backup LAN-to-LAN feature lets you establish redundancy for your LAN-to-LAN connection. Unlike VRRP, which provides a failover for the VPN Concentrator, Backup LAN-to-LAN provides a failover for the connection itself. Although VRRP and Backup LAN-to-LAN are both ways of establishing continuity of service should a VPN Concentrator fail, Backup LAN-to-LAN provides certain advantages that VRRP does not.
You can configure Backup LAN-to-LAN and load balancing on the same device, but you cannot configure VRRP and load balancing on the same VPN Concentrator.
Redundant Backup LAN-to-LAN peers do not have to be located at the same site. VRRP backup peers cannot be geographically dispersed.
08-22-2007 03:44 PM
Thanks for the response. Though with VRRP, when the concentrator fails, the secondary takes over the VRRP address, which all the HW clients are peered to, thus they should be able to re-establish the VPN. I would imagine this is a reasonably common setup so I'm a little baffled as to why it's not working since the configs are essentially identical. Perhaps a certificate issue?