
Problem with VPN L2L and RA in a failover configuration

I'm using two ASA 5540s in an active-standby failover configuration. These boxes (primary and secondary) are used to establish some L2L and RA (Remote Access) VPNs. The active box runs an OSPF process.

The problem is that when failover occurs (just shutting down the active box, or running 'failover active' on the secondary box), none of the L2L VPNs are re-established on the secondary box. The only way I can re-establish the connection is by removing the RRI (Reverse Route Injection) configuration (e.g. 'no crypto map rprbbe_map 3 set reverse-route') and putting the RRI configuration back ('crypto map rprbbe_map 3 set reverse-route'). After doing this, the connection is re-established.

For RA clients, the session persists on a failover event, but the client loses access. To solve this, the client needs to disconnect and reconnect.

Does anyone have experience with this kind of VPN (L2L and RA) configuration using failover?
2 Accepted Solutions
