Cisco Support Community

12.4(8) IPSec HA issue

I am testing IOS 12.4(8) Ent/FW/IDS/IPSec 3DES, specifically the IPSec HA feature. I have 2 7204 VXRs set up as my head end VPN HA pair and several remote VPN devices including a 7206, PIX 506E and a Netscreen FW. The IPSec HA feature works great when I establish the tunnel between the 7206 and the HA pair 7204s. I can set up multiple telnets, FTP sessions and continuous pings and fail them over all day without issue. However, when I establish the tunnel between the HA pair and either the PIX or the Netscreen, the continuous pings work fine and so do the multiple telnet sessions, but as soon as I transfer a large file via FTP, the IPC communication seems to be failing and both HA routers think they are active and that the peer is disabled. All connections through the HA pair stop and eventually the router that was the backup reboots. The pings begin to respond and I get my telnet sessions back, but they are very slow with a lot of latency. The FTP session was closed and did not come back. Has anyone seen this issue before?



  • VPN

Re: 12.4(8) IPSec HA issue

You can view the statistics of the traffic being cached (FTP hits) by issuing the show statistics ftp command in the cache engine

using show statistics ftp command. To troubleshoot, use debug ftp packets. Please refer to the following URL