Scenario: IPSec LAN-to-LAN tunnel between two ASA appliances, both running 7.2(3).
Remote site has an E-1 connection and a backup via DSL, set up with track commands for default routes. Tracking is working as verified by Internet traffic switching successfully to backup link and back.

VPN traffic fails over normally to backup link. When primary link is restored, VPN traffic stops flowing until ISAKMP is manually cleared. Failing the backup connection will also restore connectivity by the main link.

This appears to be because there is already an ISAKMP SA on the backup link, and hence the primary ISAKMP SA refuses to negotiate to the same peer. However, the routing is trying to go to the main link but there is no SA, so traffic fails. We've tried playing with DPD, etc. to no avail.

Possible options seem to be somehow tying the ISAKMP to the track command or establishing a second SA to the same peer that stays up.

A clue or a pointer to one would be appreciated.

--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/