HA IPSec reload

todd.martin-02
Level 1

I have an HA IPSec router pair that has HSRP between them. In a normal scenario, when a link fails it causes the router to reload.

I would like to delay the reload up to 5 seconds after a link failure to prevent erroneous reloads.

Does anyone know if there is a configuration to delay the reload? This is the section where I believe the delay would be configured.

ipc zone default
 association 1
  no shutdown
  protocol sctp
   local-port 5555
    local-ip 10.10.10.1
    retransmit-timeout 500 15000
    path-retransmit 10
   remote-port 5555
    remote-ip 10.10.10.2

3 Replies

m.matteson
Level 2

try

standby [group-number] priority priority [preempt [delay [minimum | sync] delay]]

Thanks but no cigar.

It did not delay the reload upon link failure.

I thought that the reload was a function of SCTP and the HA redundancy scheme inter-device.

Any other ideas?

Hello,

afaik there is no "reload delay timer". So the only option I can think of would be to experiment with interface keepalive timers to overcome short link flaps. This will of course depend on the type of interface and L2 protocol in place.

Hope this helps! Please rate all posts.

Regards, Martin
