Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SA 520 and SA 540 VPN Failover issue

Screen shot 2010-06-21 at 2.25.26 PM.png

I tried the above scenario to test the vpn failover in these SA devices, the following are the configuration i have done :-

  • The ports are configured as above.
  • The optional port is configured as WAN port.
  • In optional port ->WAN mode i have selected auto rollover using WAN port "Dedicated WAN" and ping the gateway IP.
  • I have created two IKE policies and two VPN policies where the second one is selected as a backup policy.
  • I have enabled the rollover.
  • I have defined two static ip route one for the WAN with metric 10 and another for the OPT. with metric 15.


  • The primary VPN is up and can communicate between two LAN.


  • When the WAN link goes down, the Optional port took long time to get up (sometimes in sa 520 the opt port didn't goes up)
  • In VPN status the back up policy comes in play but didnt get up. (while only using the optional port the back up VPN goes up)

I want the vpn failover smoothly in these devices. don't know where the problem is.. HELP me guys to get out of this problem.

New Member

Re: SA 520 and SA 540 VPN Failover issue

I'm having the exact same issue.  Our static IP on the primary WAN port is fine, the optional port is into a backup (Comcast) line pulling DHCP.  I had the WAN Failover working for about 2 days, then it stopped working all of a sudden.

Anyone else having this issue?  I had a complete failure of the router a week ago on the WAN ports.  I would hope we can get an answer to this as it's an advertised feature of the SA 540 that doesn't seem to be working well.

CreatePlease login to create content