Hmm, I'm not sure we are talking about the same thing here. Anyway, thanks for your help.
On Mon, May 7, 2012 at 4:53 AM, Kingsley Charles <[email protected] > wrote: > If it reconnects, then HSRP is not working for you. > > With regards > Kings > > > On Sun, May 6, 2012 at 11:43 PM, Ben Shaw <[email protected]> wrote: > >> Using backup servers is a different approach to what I am doing and >> should be used when the redundant headend routers are not running HSRP >> between them. >> >> Considering I am running HSRP and targetting the VIP, their is no backup >> routers to target, the VIP itself provides the HA. Now yes, the VIP will >> still be up when a HSRP failover occurs but the tunnel will go down and in >> my tests it seems only the HW client detects the tunnel failure and >> reconnects to the VIP which is now hosted by the secondary. The software >> client doesn't perform the automatic reconnection to the VIP when a tunnel >> fails. But I am not sure if this is a limitation of the client or if >> considering the limited configurability of the IPSec SW client it can be >> configured to operate any differently. >> >> >> On Sun, May 6, 2012 at 6:12 AM, Kingsley Charles < >> [email protected]> wrote: >> >>> Yes, it can get backup list from the EzVPN server or local >>> configuration. >>> >>> Now why should it jump to those backup servers, when the VIP is still >>> alive? >>> >>> With regards >>> Kings >>> >>> >>> On Sun, May 6, 2012 at 12:32 AM, Ben Shaw <[email protected]> wrote: >>> >>>> I am targetting the VIP address and also thought it would work as both >>>> the HW and SW client are using the Unity Client protocol so as far as I was >>>> aware are seen the same from the routers perspective. >>>> >>>> Do you know for a fact the SW client will do automatic reconnection >>>> when a tunnel fails do to the primary router going down which will then >>>> result in a reconnection to the secondary? >>>> >>>> >>>> >>>> On Sun, May 6, 2012 at 1:54 AM, Kingsley Charles < >>>> [email protected]> wrote: >>>> >>>>> It should work, if you are peering the HSRP address. >>>>> >>>>> >>>>> With regards >>>>> Kings >>>>> >>>>> On Sat, May 5, 2012 at 7:39 PM, Ben Shaw <[email protected]> wrote: >>>>> >>>>>> Hi All >>>>>> >>>>>> I am labbing up a couple of 1800s to use in a stateless HA pair for >>>>>> IPSec/Easy VPN. At the moment I am using crypto maps. >>>>>> >>>>>> Targeting the HSRP address of the 1800s, my 871 Easy VPN client >>>>>> detects when the tunnel goes down as a result of the HSRP VIP changing to >>>>>> the secondary 1800 when an interface fails on the primary 1800. When the >>>>>> interface comes back and preempt causes the HSRP roles to change back, >>>>>> the >>>>>> 871 client again detects the dead peer and recreates a tunnel to the >>>>>> active >>>>>> 1800. >>>>>> >>>>>> I am wondering though if this can be done with the IPSec Client? I am >>>>>> connecting to the same group with the IPSec client and when I failover >>>>>> the >>>>>> HSRP routers the clients tunnel eventually just times out but it does not >>>>>> automatically try and reconnect like the 871 does. Should I expect this >>>>>> to >>>>>> occur or is this automatic reconnection unique to hardware VPN tunnels? >>>>>> >>>>>> Thanks >>>>>> Ben >>>>>> >>>>>> _______________________________________________ >>>>>> For more information regarding industry leading CCIE Lab training, >>>>>> please visit www.ipexpert.com >>>>>> >>>>>> Are you a CCNP or CCIE and looking for a job? Check out >>>>>> www.PlatinumPlacement.com >>>>>> >>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
