If it reconnects, then HSRP is not working for you.

With regards
Kings

On Sun, May 6, 2012 at 11:43 PM, Ben Shaw <[email protected]> wrote:

> Using backup servers is a different approach to what I am doing and should
> be used when the redundant headend routers are not running HSRP between
> them.
>
> Considering I am running HSRP and targeting the VIP, there are no backup
> routers to target, the VIP itself provides the HA. Now yes, the VIP will
> still be up when an HSRP failover occurs but the tunnel will go down and in
> my tests it seems only the HW client detects the tunnel failure and
> reconnects to the VIP which is now hosted by the secondary. The software
> client doesn't perform the automatic reconnection to the VIP when a tunnel
> fails. But I am not sure if this is a limitation of the client or if
> considering the limited configurability of the IPSec SW client it can be
> configured to operate any differently.
>
>
> On Sun, May 6, 2012 at 6:12 AM, Kingsley Charles <[email protected]> wrote:
>
>> Yes, it can get backup list from the EzVPN server or local configuration.
>>
>> Now why should it jump to those backup servers, when the VIP is still
>> alive?
>>
>> With regards
>> Kings
>>
>>
>> On Sun, May 6, 2012 at 12:32 AM, Ben Shaw <[email protected]> wrote:
>>
>>> I am targeting the VIP address and also thought it would work as both
>>> the HW and SW client are using the Unity Client protocol so as far as I
>>> was aware are seen the same from the router's perspective.
>>>
>>> Do you know for a fact the SW client will do automatic reconnection when
>>> a tunnel fails due to the primary router going down which will then
>>> result in a reconnection to the secondary?
>>>
>>>
>>> On Sun, May 6, 2012 at 1:54 AM, Kingsley Charles <[email protected]> wrote:
>>>
>>>> It should work, if you are peering the HSRP address.
>>>>
>>>> With regards
>>>> Kings
>>>>
>>>> On Sat, May 5, 2012 at 7:39 PM, Ben Shaw <[email protected]> wrote:
>>>>
>>>>> Hi All
>>>>>
>>>>> I am labbing up a couple of 1800s to use in a stateless HA pair for
>>>>> IPSec/Easy VPN. At the moment I am using crypto maps.
>>>>>
>>>>> Targeting the HSRP address of the 1800s, my 871 Easy VPN client
>>>>> detects when the tunnel goes down as a result of the HSRP VIP changing
>>>>> to the secondary 1800 when an interface fails on the primary 1800. When
>>>>> the interface comes back and preempt causes the HSRP roles to change
>>>>> back, the 871 client again detects the dead peer and recreates a tunnel
>>>>> to the active 1800.
>>>>>
>>>>> I am wondering though if this can be done with the IPSec Client? I am
>>>>> connecting to the same group with the IPSec client and when I failover
>>>>> the HSRP routers the client's tunnel eventually just times out but it
>>>>> does not automatically try and reconnect like the 871 does. Should I
>>>>> expect this to occur or is this automatic reconnection unique to
>>>>> hardware VPN tunnels?
>>>>>
>>>>> Thanks
>>>>> Ben
>>>>>
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
>>>>>
>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>> www.PlatinumPlacement.com
