mwannemacher
Beginner

ACE with DMVPN HLB does not Work Properly

Hello team,

I have the following configuration (see below). It works well if I put only one DMVPN router behind the ACE. After I put a second one into the group for scalability, some DMVPNs no longer work (if the router is "inservice"): one or two VPNs are load balanced, and most of them no longer work.

I believe it is a small problem, but I cannot see it. Is there someone out here able to give me a hint?

This ACE configuration is L2.


object-group service IPSec
  esp
  ah
  gre
  udp eq isakmp
  udp eq 4500
object-group network DMVPN-HUB
  host x.2.3.45
  host x.2.3.46

access-list inside_in_vlan_994 line 8 extended permit eigrp any any 
access-list inside_in_vlan_994 line 16 extended permit object-group IPSec any any 
access-list inside_in_vlan_994 line 24 extended permit ip any any 
access-list outside_in_vlan_992 line 8 extended permit eigrp any any 
access-list outside_in_vlan_992 line 16 extended permit object-group IPSec any object-group DMVPN-HUB 


probe icmp ICMP
  interval 2
  faildetect 2
  passdetect interval 2


rserver host DMVPN_HUB_A
  ip address 169.254.169.27
  inservice
rserver host DMVPN_HUB_B
  ip address 169.254.169.28
  inservice

serverfarm host DMVPN_HUB
  transparent
  failaction purge
  predictor leastconns
  probe ICMP
  rserver DMVPN_HUB_A
    inservice
  rserver DMVPN_HUB_B
    inservice

parameter-map type connection UDP_Settings
  set timeout inactivity 86450

sticky ip-netmask 255.255.255.255 address source Sticky_1
  serverfarm DMVPN_HUB

class-map match-any VIP_3.45
  2 match virtual-address x.2.3.45 47
  3 match virtual-address x.2.3.45 50
  4 match virtual-address x.2.3.45 udp eq 500
  5 match virtual-address x.2.3.45 udp eq 4500
  6 match virtual-address x.2.3.45 51
class-map match-any VIP_3.46
  2 match virtual-address x.2.3.46 47
  3 match virtual-address x.2.3.46 50
  4 match virtual-address x.2.3.46 udp eq 500
  5 match virtual-address x.2.3.46 udp eq 4500
  6 match virtual-address x.2.3.46 51

policy-map type loadbalance first-match DMVPN-SLB
  class class-default
    sticky-serverfarm Sticky_1

policy-map multi-match vlan_992_in
  class VIP_3.45
    loadbalance vip inservice
    loadbalance policy DMVPN-SLB
    loadbalance vip icmp-reply
    connection advanced-options UDP_Settings
  class VIP_3.46
    loadbalance vip inservice
    loadbalance policy DMVPN-SLB
    loadbalance vip icmp-reply
    connection advanced-options UDP_Settings

interface vlan 992
  description ### outside ###
  bridge-group 1
  access-group input outside_in_vlan_992
  service-policy input vlan_992_in
  no shutdown
interface vlan 994
  description ### inside ###
  bridge-group 1
  access-group input inside_in_vlan_994
  no shutdown

interface bvi 1
  ip address 169.254.169.21 255.255.255.224
  alias 169.254.169.20 255.255.255.224
  peer ip address 169.254.169.22 255.255.255.224
  no shutdown

ip route 0.0.0.0 0.0.0.0 169.254.169.1
