Solved: Re: IP SLA Failover Not Working onsite or accross VPN's - Page 2

justinoleary911 · ‎01-17-2018

someone please help

justinoleary911 · ‎02-06-2018

someone please help

Georg Pauwen · ‎02-07-2018

Hello,

just to be sure, do you have the ip sla responder configured on the other side ?

justinoleary911 · ‎02-07-2018

someone please help

Georg Pauwen · ‎02-07-2018

Hello,

try and add the below EEM script to your configuration. This clears the crypto session and NAT translations in case of a failover, it also adds the static NAT entries which would otherwise not work.

Does that make a difference ? Even if it doesn't, leave that script in your configuration.

event manager applet CLEAR_NAT_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "clear crypto session"
action 3.0 cli command "clear ip nat translation forced"
action 4.0 cli command "conf t"
action 4.1 cli command "no ip nat inside source static tcp 192.168.110.133 443 interface GigabitEthernet0/1 443"
action 4.2 cli command "no ip nat inside source static udp 192.168.110.133 3391 interface GigabitEthernet0/1 3391"
action 4.3 cli command "ip nat inside source static tcp 192.168.110.133 443 interface GigabitEthernet0/0/0 443"
action 4.4 cli command "ip nat inside source static udp 192.168.110.133 3391 interface GigabitEthernet0/0/0 3391"
action 5.0 cli command "exit"

event manager applet CLEAR_NAT_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "clear crypto session"
action 3.0 cli command "clear ip nat translation forced"
action 4.0 cli command "conf t"
action 4.1 cli command "no ip nat inside source static tcp 192.168.110.133 443 interface GigabitEthernet0/0/0 443"
action 4.2 cli command "no ip nat inside source static udp 192.168.110.133 3391 interface GigabitEthernet0/0/0 3391"
action 4.3 cli command "ip nat inside source static tcp 192.168.110.133 443 interface GigabitEthernet0/1 443"
action 4.4 cli command "ip nat inside source static udp 192.168.110.133 3391 interface GigabitEthernet0/1 3391"
action 5.0 cli command "exit"

justinoleary911 · ‎02-07-2018

someone please help

justinoleary911 · ‎02-07-2018

someone please help

justinoleary911 · ‎02-07-2018

someone please help

Georg Pauwen · ‎02-08-2018

Hello,

in the script it is assumed that GigabitEthernet0/1 is the primary interface, and GigabitEthernet0/0/0 the backup. If that is reversed, you need to reverse the script as well...

justinoleary911 · ‎02-08-2018

someone please help

Georg Pauwen · ‎02-08-2018

Hello,

if GigabitEthernet0/0/0 is your primary port, make sure the 'track 1' is added to the default route pointing to that port.

Otherwise, the script looks good. The best way to enter it into your configuration is to paste it in config mode:

R1#conf t

R1(config)# --> paste the lines starting with 'event manager applet' here

Repeat the same thing for the other event manager applet.

The original problem of course was to find out if the failover works now...

justinoleary911 · ‎02-08-2018

someone please help

Georg Pauwen · ‎02-09-2018

Hello,

the track goes on the primary route:

ip route 0.0.0.0 0.0.0.0 50.225.187.209 track 1 <-- primary route
ip route 0.0.0.0 0.0.0.0 70.89.25.230 10 <-- secondary route with higher AD

justinoleary911 · ‎02-09-2018

Perfect! That's how it's been. All is running smoothly right now everything is in the live config and stable. I will test the failover sometime next week. And let you know the status.

Thanks for all of your help

justinoleary911 · ‎03-09-2018

thank you very much for all your help. took me a while to get a window to test everything , everything working