Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Duminda_SAT
Contributor

After Failover to second gateway Some VPN's not working

Hi, 

Need to get technical advice for troubleshooting VPN related issue. 

We have quiries, there are two gateways running with ClusterXL, Gaia Configuration like IP, Routes, Proxy Arp, configured properly. 

link also working fine. issue is once failover to second standby gateway some vpns not working. that was not identical they only have policy based VPNs. 

can anyone to advice with areas do we need to check? 

I have uploaded ike.elg file if needed. 

Thank you,

Duminda Lakmal

0 Kudos
4 Replies

How was the failover performed?

Could you also share some additional information such as the Major Version and Jumbo used with this cluster?

0 Kudos
AaronCP
Advisor

Hey @Duminda_SAT,

 

I'm currently troubleshooting the same issue with a route-based VPN we have set up. When we failover to the standby member, we lose the tunnel. Forcing a reset on the remote peer resolves the issue. We're running R81 T69 on ClusterXL HA setup.

 

I'll keep you posted on any progress in case I find anything of any use to you.

 

Thanks,

 

Aaron.

0 Kudos
Will_H
Contributor

Anyone have any updates? 

We had similar issues after an upgrade to R81.10 T66.. Some time later (our IKE timer is set to 24 hours) about 15 hours, our AWS route based VTI & BGP tunnel with AWS went down for about 15 min, came back on its on and has been solid sense.

0 Kudos
AaronCP
Advisor

Hi @Will_H,

 

I'm still troubleshooting the issue. I disabled vpn acceleration for this particular peer and the past 3 failovers I performed have been successful. I will need our 3rd party support provider to engage TAC now it's looking like disabling acceleration 'fixes' something.

 

Do you experience issues with VPN tunnels after failover, too?

0 Kudos