Hi,

I have a virtual IP address which shifts from node A to node B upon failover in a Solaris cluster (Solaris 10). Client (C) will later connect. Initially IPsec is established between node A and client C when A holds the virtual IP address. Later, when the IP address moves to node B, IPsec seems to establish, but connections over this link do not happen.

Scenario:
1. C connects to A and A connects to C
2. Failover from A to B.
3. IPsec SA's are seen establishing.
4. But connection attempts between B & C do not happen.

Can somebody help in understanding why this happens.

Configuration:

on Node A

vi "/etc/inet/ike/config"
{
    label "solaris"
    local_id_type IP
    local_addr 180.144.36.12
    remote_addr 180.144.226.80
    p1_xform { auth_method preshared oakley_group 2 auth_alg sha1 encr_alg 3des }
}

vi /etc/inet/secret/ike.preshared
{
    localidtype IP
    localid 180.144.36.12
    remoteidtype IP
    remoteid 180.144.226.80
    key 5041434b45544341424c45
}

vi /etc/inet/ipsecinit.conf
{raddr 180.144.226.80/24} ipsec {encr_algs 3des encr_auth_algs sha1 sa shared}

on Node B

vi "/etc/inet/ike/config"
{
    label "solaris"
    local_id_type IP
    local_addr 180.144.36.12
    remote_addr 180.144.226.80
    p1_xform { auth_method preshared oakley_group 2 auth_alg sha1 encr_alg 3des }
}

vi /etc/inet/secret/ike.preshared
{
    localidtype IP
    localid 180.144.36.12
    remoteidtype IP
    remoteid 180.144.226.80
    key 5041434b45544341424c45
}

vi /etc/inet/ipsecinit.conf
{raddr 180.144.226.80/24} ipsec {encr_algs 3des encr_auth_algs sha1 sa shared}

on Client

vi "/etc/inet/ike/config"
{
    label "solaris"
    local_id_type IP
    local_addr 180.144.226.80
    remote_addr 180.144.36.12
    p1_xform { auth_method preshared oakley_group 2 auth_alg sha1 encr_alg 3des }
}

vi /etc/inet/secret/ike.preshared
{
    localidtype IP
    localid 180.144.226.80
    remoteidtype IP
    remoteid 180.144.36.12
    key 5041434b45544341424c45
}

vi /etc/inet/ipsecinit.conf
{raddr 180.144.36.12/24} ipsec {encr_algs 3des encr_auth_algs sha1 sa shared}

Thanks,
Deepak

This message posted from opensolaris.org