Hi Michael
I think there is an IP duplication/conflict of 203.206.229.44.
Status: enabled
Role: Backup
Failover: n/a
Encryption: disabled
Cluster IP: 203.206.229.44
Peers: 1
                                          Load (%)     Sessions
  Public IP       Role    Pri  Model     IPSec  SSL   IPSec  SSL
---------------------------------------------------------------------------
* 203.206.229.42  Backup  10   ASA-5510  0      0     0      0
* 203.206.229.44  Master  0    UNKNOWN   n/a    n/a   n/a    n/a *
This highlighted value should be:
* 203.206.229.43  Master  1    ASA-5510  n/a    n/a   n/a    n/a *
203.206.229.44 has GRAT-ARP which means duplication. I think 203.206.229.44
is being used at two places.
Please check which device the MAC address 001c.585a.d141 belongs to.
With regards
Kings
On Wed, Sep 9, 2009 at 3:45 PM, Michael Davis <[email protected]> wrote:
> Hello Everyone – I am going crazy. I have 2 ASA 5510’s with sec+ and
> have working remote access VPN configurations on them. Both ASA outside
> interfaces reside in the same subnet and share the same default route and
> both inside interfaces are in the same subnet also. I have set the private
> and public interfaces correctly and I have gone over the docs and it all
> looks normal. Can anyone see what I am missing? It seems so simple.
> Here is my config:
>
> ASA1: outside ip 203.206.229.42/29 inside ip 192.168.1.200
> vpn load-balancing
> priority 10
> cluster ip address 203.206.229.44
> cluster port 4000
> participate
>
> ASA2: outside ip 203.206.229.43/29 inside ip 192.168.1.201
> vpn load-balancing
> priority 1
> cluster ip address 203.206.229.44
> cluster port 4000
> participate
>
> Here is the output of show vpn load-balancing on ASA1
>
> Status: enabled
> Role: Backup
> Failover: n/a
> Encryption: disabled
> Cluster IP: 203.206.229.44
> Peers: 1
>
>                                           Load (%)     Sessions
>   Public IP       Role    Pri  Model     IPSec  SSL   IPSec  SSL
> ---------------------------------------------------------------------------
> * 203.206.229.42  Backup  10   ASA-5510  0      0     0      0
>   203.206.229.44  Master  0    UNKNOWN   n/a    n/a   n/a    n/a
>
> Here is my debug: debug vpnlb 200
>
> Master peer[203.206.229.44] is not answering HELLO
> 5718056: Deleted Master peer, IP 203.206.229.44
> 5718044: Deleted peer[203.206.229.44]
> 5718072: Becoming master of Load Balancing in context 0.
> 5718052: Received GRAT-ARP from duplicate master[001c585ad141]
> 5718054: Detected duplicate master[3030.3163.3538] and going to SLAVE
> 5718088: Possible VPN LB misconfiguration. Offending device MAC [001c.585a.d141].
> 5718073: Becoming slave of Load Balancing in context 0.
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
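An added example, not part of either poster's message: a small Python parser that pulls the bracketed identifiers out of the debug vpnlb lines quoted above and checks that they all name one device. The function names are hypothetical, and reading 3030.3163.3538 as ASCII text is an assumption based only on the byte values.

```python
import re

# Constructed sample: debug vpnlb lines copied from the quoted message above.
DEBUG_LINES = [
    "5718044: Deleted peer[203.206.229.44]",
    "5718052: Received GRAT-ARP from duplicate master[001c585ad141]",
    "5718054: Detected duplicate master[3030.3163.3538] and going to SLAVE",
    "5718088: Possible VPN LB misconfiguration. Offending device MAC [001c.585a.d141].",
]

BRACKETED = re.compile(r"\[([0-9A-Fa-f.:-]+)\]")

def normalize_mac(field):
    """Return 12 lowercase hex digits, or None if the field is not a MAC."""
    digits = re.sub(r"[.:-]", "", field).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def decode_ascii_hex(mac12):
    """If the six bytes are ASCII hex characters, return them as text.

    Assumption: such a field is the start of a MAC string printed as raw
    bytes (0x30 0x30 0x31 0x63 0x35 0x38 is "001c58"), not a real MAC.
    """
    try:
        text = bytes.fromhex(mac12).decode("ascii")
    except UnicodeDecodeError:
        return None
    return text.lower() if re.fullmatch(r"[0-9A-Fa-f]{6}", text) else None

def offending_macs(lines):
    """Return (full MACs seen, decoded prefixes that match none of them)."""
    full, prefixes = set(), set()
    for line in lines:
        for field in BRACKETED.findall(line):
            mac = normalize_mac(field)
            if mac is None:
                continue  # bracketed IP address, not a MAC
            prefix = decode_ascii_hex(mac)
            if prefix:
                prefixes.add(prefix)
            else:
                full.add(mac)
    unmatched = {p for p in prefixes if not any(m.startswith(p) for m in full)}
    return full, unmatched

if __name__ == "__main__":
    print(offending_macs(DEBUG_LINES))
```

An empty second set means every identifier in the log resolves to the same MAC, so there is one conflicting device to locate rather than several.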