I'm currently deploying 2 x 3030 for a customer doing load balancing. Since both are of the same model, I set the priority for both boxes to 10 as advised in the documentation. However, when I tried to test the setup by shutting down the master, the slave did not take over(The documentation did mention that it should take over). I keep on getting this message :
182 02/24/2003 21:42:45.170 SEV=4 IP/5 RPT=5
Client Static ARP delete of <IP address of VPN> failed for Interface 2.
Couldnt' find anything that can explain this on CCO. Could someone help?
The documentation also did not mention what will happen to existing connections should one of the devices fail. Anybody any idea?
Most of all, is there a documentation that list all log messages and give ample explanation on them?
Do you have IPSec configured under the load-balancing section? If so, try turning that off and see if it works better. If it does, then we can turn it back on, but go under the Configuration/System/Tunneling protocols/IPSEC/IKE proposals and activate the proposal "IKE-3DES-MD5" on both boxes, or at least check that it is active.
If either device fails, then all users will be disconnected and have to reconnect. They don't have to change anything in their client, they just hit Connect and the load balancing will make sure that everyone connects into the only active concentrator.
As for the documentation, this is coming, a lot of customers have asked for this. Converting all the error messages into HTML format will take a while though, but it is being done as time permits.
Just another question : Now that we know that load balancing does not failover active remote access connection to the remaining boxes and that users have to reconnect again, I would like to know if VRRP will be able to do it.
That is, if instead of load balancing, VRRP is configured, do users have to reconnect again should the existing Concentrator that they are connecting to fails.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...