I am testing IOS 12.4(8) Ent/FW/IDS/IPSec 3Des, specifically the IPSec HA feature. I have 2 7204 vxrs set up as my head end VPN HA pair and several remote VPN devices including a 7206, PIX 506E and a Netscreen FW. The IPSec HA feature works great when I establish the tunnel between the 7206 and the HA Pair 7204s. I can set up multiple telnets, FTP session and continuos pings and fail them over all day without issue. However, when I establish the tunnel between the HA pair and either the PIX or the Netsceen, the continuous pings work fine and so do the multiple telnet sessions, but as soon as I transfer a large file via FTP, the IPC communication seems to be failing and both HA routers think they are active that the peer is disabled. all connections through the HA pair stop and eventually the router that was the backup reboots. The pings begin to respond and I get my telnet sessions back but they are very slow with alot of latency. The ftp session was closed and did not come back. Has anyone seen this issue before ?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...