Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
887
Views
0
Helpful
9
Replies

Problem with VPN L2L and RA in a failover configuration

Go to solution
Fernando Patzlaff
Beginner
Beginner

‎06-11-2010 11:43 AM

I'm using two ASA 5540 in active-standby failover configuration. These boxes (primary and secondary) are used to establish some L2L and RA (Remote Access) VPN. The active box run OSPF process.

The problem is when failover occurs (just shuting down the active box, or running 'failover active' in a secondary box) all L2L don't be reestablished in a secondary box. The unique way that I can do this (reestablish the connection) is removing the RRI (Reverse Route Injection) configuration (eg. 'no crypto map rprbbe_map 3 set reverse-route') and putting the rri configuration ( 'crypto map rprbbe_map 3 set reverse-route'). After do this the connection is reestablished.

In RA clients the session persists, on a failover event, but the client lost the access. To solve this, the client need to disconnect and reconnect.

Someone have experience with this kind of VPN (L2L and RA) configuration using failover?
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions