Airlink VPN Failover does not revert back to Primary

GX-450 running ALEOS 4.9.4

Description:
GX-450 with two IPSec tunnels pointed to a dual-WAN Cisco router does not revert back to the primary VPN automatically. After a successful failover to the backup VPN, after restoration of the Cisco’s primary WAN side, only after a reboot of the GX-450 does the primary reconnect. Then in the event of its failure, it fails over to the backup VPN successfully; however, the primary VPN is always listed as “Failed” after that initial failover event.

Configuration Details:
Phase I and II SA lifetimes are at max
DPD is at 300
PFS is on

Thanks ahead of time for any recommendations,
Matthew

Hi @dialedinterfaces,

Could you please share your VPN1, VPN2 and Failover configuration?
You can hide sensitive information such as IP.

Thanks,

Morning cherokee,

Thanks for the inquiry. Please see the uploaded captures. These were taken this morning after a reboot as a failover occurred overnight.

Both tunnels point towards a dual-WAN Cisco router, and there are two remote locations that use the same GX450 as their gateway.

Thanks again,
Matthew

Cherokee,

Apologies, you also asked for the failover config, see below.

RemoteSite_VPNFailover_Config

Hi dialedinterfaces,

You can download the latest ALEOS firmware 4.9.4.p09 and retry.

Please check that the parameters on the client are matched with the VPN server on the primary and secondary tunnels.

There could be some latency on tunneling sometimes, not systematically. Latency can be reduced by having a “reduced” (peer-to-peer) DPD interval in the VPN configuration, both on the main and secondary tunnels.
I usually use 5 seconds, please try with that number.

If the primary VPN is down (i.e., DPD detects that the terminal is unresponsive), the traffic will automatically be transferred to the secondary (backup) VPN tunnel. DPD continues to ping the primary VPN response. If configured to do so, once the primary VPN tunnel is up, traffic automatically reverts to the primary VPN.

Please make sure that the primary VPN pointed to a dual-WAN Cisco router network is working after successfully failing over to the backup VPN.

I have set up VPN failover on GX450 ALEOS firmware 4.9.4 p09 at my side.
It can revert back to the primary VPN after successfully failing over to the backup VPN.

I have attached the screenshots for your reference.
Please help to mark “Solution” if your question is answered.