I ping R4 from R3 and and trafic goes through R1 (with higher HSRP priority) and if I shutdown interface on R1 I have to wait 2-4 minutes till the tunnel up between R2<->R3. Meantime I see messages on R2 (~10x) :
*Apr 30 22:09:35.071: %CRYPTO-4-IKMP_NO_SA: IKE message from 10.0.0.3 has no SA and is not an initialization offer
I thought that SSO functionality keeps the information about the neighboor tunnel and can take the role very fast.
My question: is it OK that the process takes couple of minutes or can be something wrong with my SSO configuration ?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...