Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
1
Replies

12.4(8) IPSec HA issue

bevarts
Level 1
Level 1

‎06-28-2006 12:37 PM - edited ‎02-21-2020 02:30 PM

I am testing IOS 12.4(8) Ent/FW/IDS/IPSec 3Des, specifically the IPSec HA feature. I have 2 7204 vxrs set up as my head end VPN HA pair and several remote VPN devices including a 7206, PIX 506E and a Netscreen FW. The IPSec HA feature works great when I establish the tunnel between the 7206 and the HA Pair 7204s. I can set up multiple telnets, FTP session and continuos pings and fail them over all day without issue. However, when I establish the tunnel between the HA pair and either the PIX or the Netsceen, the continuous pings work fine and so do the multiple telnet sessions, but as soon as I transfer a large file via FTP, the IPC communication seems to be failing and both HA routers think they are active that the peer is disabled. all connections through the HA pair stop and eventually the router that was the backup reboots. The pings begin to respond and I get my telnet sessions back but they are very slow with alot of latency. The ftp session was closed and did not come back. Has anyone seen this issue before ?

Thanks,

Brian

Labels:
0 Helpful
1 Reply 1

pradeepde
Level 5
Level 5

‎07-04-2006 08:27 AM

You can view the statistics of the traffic being cached (FTP hits) by issuing the show statistics ftp command in the cache engine

using show statistics ftp command.To troubleshoot use debug ftp packets.Please refer the following URL

http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_configuration_example09186a008009460a.shtml.

0 Helpful
Customers Also Viewed These Support Documents