On Tue, May 29, 2007 at 11:50:08PM -0700, Deepak wrote:
> Hi,

Hello!

> I have a virtual IP address which shifts from node A to node B, upon
> failover in a solaris cluster. (Solaris 10) Client (C) will later
> connect. Initially Ipsec is established between nodeA and client C when A
> holds the virtual ip address. Later when the ip address moves to node B
> ipsec seems to establish, but connections over this link do not happen.
> Scenario:
> 1. C connects to A and A connects to C
> 2. Failover from A to B.
> 3. IPsec SA's are seen establishing.
> 4. But connection attempts between B & C do not happen.
>
> Can somebody help in understanding why this happens.

See what "kstat ip:0:ipdrop" on nodes B and C say? If IPsec is dropping packets, these counters will increase.

Also, is there something you can see with snoop or wireshark? For example, maybe traffic is only flowing one way for some reason? You said SAs are establishing, so at least IKE seems to be moving...

Dan
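
One way to act on the counter check suggested in the reply, as an added example that is not part of the original thread: take two `kstat -p ip:0:ipdrop` snapshots around a failed connection attempt and list only the counters that increased. The function names, file names and the sample snapshot (counter names and values) are constructed for illustration; real output on nodes B and C will differ.

```shell
#!/bin/sh
# Added example: diff two "kstat -p ip:0:ipdrop" snapshots and report
# the drop counters that grew between them.
#
# Intended use on node B and on client C:
#   kstat -p ip:0:ipdrop > before
#   ... retry the connection that fails after failover ...
#   kstat -p ip:0:ipdrop > after
#   ipdrop_delta before after

# ipdrop_delta BEFORE AFTER
# Input lines have the parseable form "module:instance:name:statistic<TAB>value".
# Prints "<statistic> +<increase>" for every integer counter that increased.
ipdrop_delta() {
    awk '
        # Bookkeeping entries are not drop counters; skip them.
        $1 ~ /:(crtime|snaptime|class)$/ { next }
        # First file: remember the baseline value of each counter.
        NR == FNR { before[$1] = $2; next }
        # Second file: report integer counters that are higher than baseline.
        ($1 in before) && ($2 ~ /^[0-9]+$/) && ($2 + 0 > before[$1] + 0) {
            printf "%s +%d\n", $1, $2 - before[$1]
        }
    ' "$1" "$2"
}

# write_sample_snapshots DIR
# Writes a constructed before/after pair (not captured from a real system)
# so the function can be tried without a Solaris host.
write_sample_snapshots() {
    {
        printf 'ip:0:ipdrop:class\tnet\n'
        printf 'ip:0:ipdrop:crtime\t120.25\n'
        printf 'ip:0:ipdrop:esp_bad_auth\t3\n'
        printf 'ip:0:ipdrop:esp_no_sa\t0\n'
        printf 'ip:0:ipdrop:snaptime\t5000.50\n'
    } > "$1/before"
    {
        printf 'ip:0:ipdrop:class\tnet\n'
        printf 'ip:0:ipdrop:crtime\t120.25\n'
        printf 'ip:0:ipdrop:esp_bad_auth\t3\n'
        printf 'ip:0:ipdrop:esp_no_sa\t7\n'
        printf 'ip:0:ipdrop:snaptime\t5030.75\n'
    } > "$1/after"
}
```

An empty result on both hosts means the ipdrop counters did not move during the test window, which points the investigation toward the packet capture mentioned in the reply.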