06-29-2009 03:34 AM - edited 02-21-2020 04:16 PM
Hello!
I have trouble with a stateful VPN configuration and Cisco VPN Client.
My configuration is in the attachment. Please check it.
Everything seems OK, but when I make a Cisco VPN Client connection to the standby IP address I see:
cisco3825_1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
172.16.4.209 192.40.40.100 QM_IDLE 1001 ACTIVE
IPv6 Crypto ISAKMP SA
cisco3825_1#
cisco3825_1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 100 P Active local 10.40.40.3 10.40.40.5
Fa0/1 1 100 P Active local 172.16.4.219 172.16.4.209
But I don't see a STBY ISAKMP connection on the backup device!
cisco3825_2#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
Other output:
From backup device:
cisco3825_2#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
cisco3825_2#show crypto session
Crypto session current status
Interface: FastEthernet0/1
Session status: UP-NO-IKE-STANDBY
Peer: 192.40.40.100 port 2726
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 10.40.45.2
Active SAs: 4, origin: dynamic crypto map
cisco3825_2#show redundancy inter-device
Redundancy inter-device state: RF_INTERDEV_STATE_STDBY
Scheme: Standby
Groupname: DMZ Group State: Standby
Peer present: RF_INTERDEV_PEER_COMM
Security: Not configured
cisco3825_2#show redundancy states
my state = 8 -STANDBY HOT
peer state = 13 -ACTIVE
Mode = Duplex
Unit ID = 0
Maintenance Mode = Disabled
Manual Swact = Enabled
Communications = Up
client count = 12
client_notification_TMR = 30000 milliseconds
RF debug mask = 0x0
From active device:
cisco3825_1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 100 P Active local 10.40.40.3 10.40.40.5
Fa0/1 1 100 P Active local 172.16.4.219 172.16.4.209
cisco3825_1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
172.16.4.209 192.40.40.100 QM_IDLE 1001 ACTIVE
IPv6 Crypto ISAKMP SA
cisco3825_1#show redundancy inter-device
Redundancy inter-device state: RF_INTERDEV_STATE_ACT
Scheme: Standby
Groupname: DMZ Group State: Active
Peer present: RF_INTERDEV_PEER_COMM
Security: Not configured
cisco3825_1#show redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit ID = 0
Maintenance Mode = Disabled
Manual Swact = Enabled
Communications = Up
client count = 12
client_notification_TMR = 30000 milliseconds
RF debug mask = 0x0
cisco3825_1#show crypto session
Crypto session current status
Interface: FastEthernet0/1
Group: vpn
Assigned address: 10.40.45.2
Session status: UP-ACTIVE
Peer: 192.40.40.100 port 2726
IKE SA: local 172.16.4.209/500 remote 192.40.40.100/2726 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 10.40.45.2
Active SAs: 4, origin: dynamic crypto map
Could you please check whether it is OK that we have no ISAKMP connection on the standby device? Is our configuration correct?
Thanks,
Egor.
06-29-2009 03:37 AM