I'm using software A3(2.2) with a 4710 and I'm load-balancing IPSec across 5 different VPN Routers. This has been working for me for over a year... I'm trying to take one of the five real servers (no. 3) out-of-service gracefully so that I can do some maintenance. I used the "inservice standby" setting using the GUI (in Config/Operations) but the ACE kept sending IPSec connections to that server anyway. Then I manually cleared the sticky database from the CLI. And the ACE is STILL sending IPSec connections to that server anyway. What's got me stumped is that when I look at the newly re-created sticky database, I see no new entries for server no.3. When I look at the number of active connections according to the ACE (using Monitor in the GUI) and at the CLI, they are steadily declining and never increasing. But when I connect to the no. 3 VPN Router, its' IPSec connections are continuously increasing because the ACE is sending it connections. I checked the status of the rserver at the ACE and it's "inservice standby" both at the GUI and CLI. What am I missing?
... View more