Hi Cisco Community,
One common issue I’ve faced is IPSec tunnels dropping or flapping during WAN failover. Sometimes Dead Peer Detection (DPD) timers kick in too late, or NAT-T creates problems.
My questions to the community are:
- What parameters (timers, keepalives) do you normally adjust for stable failover?
- Do you prefer static routes or dynamic routing (BGP/OSPF) across the tunnels?
- Any Cisco guides or design best practices you recommend for stable IPSec under failover?
Thanks,
