10-09-2007 12:19 AM
I've recently set up GET VPN Cooperative Key Servers, one with a priority of 100 and the other with a priority of 75. Initially the KS with a priority of 100 comes up as primary, and the other as secondary, as expected.
About 2 minutes later, the secondary transitions to Primary, at which point both KS remain primary.
Both KS are NATed behind separate Group Members. Each is on a different end of an MPLS circuit, in different states.
Any help or suggestions?
Below is the output from each KS, using sh crypto gdoi ks coop:
Crypto Gdoi Group Name :gdoi-group
Group handle: 2147483650, Local Key Server handle: 2147483650
Local Address: 10.116.127.5
Local Priority: 100
Local KS Role: Primary , Local KS Status: Alive
Primary Timers:
Primary Refresh Policy Time: 20
Remaining Time: 5
Antireplay Sequence Number: 33
Peer Sessions:
Session 1:
Server handle: 2147483663
Peer Address: 68.138.128.186
Peer Priority: 75
Peer KS Role: Primary , Peer KS Status: Alive
Antireplay Sequence Number: 34
IKE status: Established
Counters:
Ann msgs sent: 27
Ann msgs sent with reply request: 5
Ann msgs recv: 37
Ann msgs recv with reply request: 2
Packet sent drops: 1
Packet Recv drops: 39
Total bytes sent: 18759
Total bytes recv: 17589
Crypto Gdoi Group Name :gdoi-group
Group handle: 2147483650, Local Key Server handle: 2147483650
Local Address: 10.108.127.5
Local Priority: 75
Local KS Role: Primary , Local KS Status: Alive
Primary Timers:
Primary Refresh Policy Time: 20
Remaining Time: 0
Antireplay Sequence Number: 34
Peer Sessions:
Session 1:
Server handle: 2147483655
Peer Address: 68.138.171.130
Peer Priority: 100
Peer KS Role: Primary , Peer KS Status: Alive
Antireplay Sequence Number: 31
IKE status: Established
Counters:
Ann msgs sent: 31
Ann msgs sent with reply request: 2
Ann msgs recv: 68
Ann msgs recv with reply request: 4
Packet sent drops: 3
Packet Recv drops: 72
Total bytes sent: 33825
Total bytes recv: 36504
Thank you.
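A way to check the posted sh crypto gdoi ks coop outputs mechanically, as an added example that is not part of the original thread: it parses the "Label: value" fields and flags more than one key server reporting itself Primary, along with nonzero receive-drop counters. The field values are copied (trimmed) from the output above; the function names parse_coop and check_coop are hypothetical.

```python
import re

# Fields trimmed from the two outputs posted above (values as posted).
KS_A = """\
Local Address: 10.116.127.5
Local Priority: 100
Local KS Role: Primary , Local KS Status: Alive
Peer KS Role: Primary , Peer KS Status: Alive
Ann msgs recv: 37
Packet Recv drops: 39
"""
KS_B = """\
Local Address: 10.108.127.5
Local Priority: 75
Local KS Role: Primary , Local KS Status: Alive
Peer KS Role: Primary , Peer KS Status: Alive
Ann msgs recv: 68
Packet Recv drops: 72
"""

FIELD = re.compile(r"\s*([A-Za-z ]+?)\s*:\s*(\S+)")

def parse_coop(text):
    """Return {label: value} for each 'Label: value' pair (some lines carry two)."""
    fields = {}
    for line in text.splitlines():
        for part in line.split(","):
            m = FIELD.match(part)
            if m:
                fields[m.group(1)] = m.group(2)
    return fields

def check_coop(outputs):
    """Flag a split (more than one KS claiming Primary) and nonzero receive drops."""
    reports = [parse_coop(o) for o in outputs]
    findings = []
    primaries = [r["Local Address"] for r in reports if r.get("Local KS Role") == "Primary"]
    if len(primaries) > 1:
        findings.append("split: multiple primaries " + ", ".join(primaries))
    for r in reports:
        drops = int(r.get("Packet Recv drops", 0))
        if drops:
            findings.append(f"{r['Local Address']}: {drops} recv drops, "
                            f"{r.get('Ann msgs recv', '?')} announcements received")
    return findings

if __name__ == "__main__":
    for finding in check_coop([KS_A, KS_B]):
        print(finding)
```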
10-15-2007 06:23 AM
For the configuration of 10.108.127.5 I see Local KS Role: Primary , Local KS Status: Alive. You can try changing the Local KS role to secondary.