This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Legacy
- Aerohive Migrated Content
- Re: Setup for redundant VPN Gateways?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Setup for redundant VPN Gateways?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-07-2018 07:35 PM
I am trying to setup redundant VPN gateways so I will have the ability to fail them over for servicing etc.. I have configured 2 VGVA's and have configured OSPF routing .. Everything appears to connect properly however when both VGVA's are running I am only able to ping a few addresses.. Basically ospf is providing routes to the secondary VGVA and it is not forwarding to the BR (XR200) .. Maybe I am missing something but I thought that the 'active' VGVA would be the only one advertising routes to the area..Or maybe I have to look at something else.. ?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-13-2018 12:49 PM
Hey Sam.. sorry for not getting back to you sooner however I believe I have it working correctly now.. I will give you the short description now and update after more testing when I am completely confident that it is working as expected..
Not saying that it can’t be done differently but here is what I had to do to get it to work properly..
1. Configure each VGVA in ‘one-armed’ mode only using the WAN.
2. Put each VGVA in its own vlan/subnet.
3. On my core router I had to increase the cost of the vlan interface going to the ‘secondary’ VGVA in OSPF.
After those steps it seem to work as expected.. I have a 40 second convergence time which is due to the dead-interval time on the OSPF configuration.. Unfortunately this is something that Aerohive does not let me adjust so I cannot improve performance there, but I can at least live with 40 seconds.
Sam if there is any further information that you can shed on this configuration or if you feel that the tech data would help I can collect that and send it over as well..
Dave Allaby
Network Support Analyst
Information Systems Division
Haldimand County
Cayuga Administration Building
45 Munsee St. N., Cayuga, ON N0A 1E0
Tel: 905-318-5932 x6266
Fax: 905-772-3542
www.HaldimandCounty.on.ca<>
P Please consider the environment before printing this e-mail.
Not saying that it can’t be done differently but here is what I had to do to get it to work properly..
1. Configure each VGVA in ‘one-armed’ mode only using the WAN.
2. Put each VGVA in its own vlan/subnet.
3. On my core router I had to increase the cost of the vlan interface going to the ‘secondary’ VGVA in OSPF.
After those steps it seem to work as expected.. I have a 40 second convergence time which is due to the dead-interval time on the OSPF configuration.. Unfortunately this is something that Aerohive does not let me adjust so I cannot improve performance there, but I can at least live with 40 seconds.
Sam if there is any further information that you can shed on this configuration or if you feel that the tech data would help I can collect that and send it over as well..
Dave Allaby
Network Support Analyst
Information Systems Division
Haldimand County
Cayuga Administration Building
45 Munsee St. N., Cayuga, ON N0A 1E0
Tel: 905-318-5932 x6266
Fax: 905-772-3542
www.HaldimandCounty.on.ca<>
P Please consider the environment before printing this e-mail.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-13-2018 12:49 PM
Hey Sam.. sorry for not getting back to you sooner however I believe I have it working correctly now.. I will give you the short description now and update after more testing when I am completely confident that it is working as expected..
Not saying that it can’t be done differently but here is what I had to do to get it to work properly..
1. Configure each VGVA in ‘one-armed’ mode only using the WAN.
2. Put each VGVA in its own vlan/subnet.
3. On my core router I had to increase the cost of the vlan interface going to the ‘secondary’ VGVA in OSPF.
After those steps it seem to work as expected.. I have a 40 second convergence time which is due to the dead-interval time on the OSPF configuration.. Unfortunately this is something that Aerohive does not let me adjust so I cannot improve performance there, but I can at least live with 40 seconds.
Sam if there is any further information that you can shed on this configuration or if you feel that the tech data would help I can collect that and send it over as well..
Dave Allaby
Network Support Analyst
Information Systems Division
Haldimand County
Cayuga Administration Building
45 Munsee St. N., Cayuga, ON N0A 1E0
Tel: 905-318-5932 x6266
Fax: 905-772-3542
www.HaldimandCounty.on.ca<>
P Please consider the environment before printing this e-mail.
Not saying that it can’t be done differently but here is what I had to do to get it to work properly..
1. Configure each VGVA in ‘one-armed’ mode only using the WAN.
2. Put each VGVA in its own vlan/subnet.
3. On my core router I had to increase the cost of the vlan interface going to the ‘secondary’ VGVA in OSPF.
After those steps it seem to work as expected.. I have a 40 second convergence time which is due to the dead-interval time on the OSPF configuration.. Unfortunately this is something that Aerohive does not let me adjust so I cannot improve performance there, but I can at least live with 40 seconds.
Sam if there is any further information that you can shed on this configuration or if you feel that the tech data would help I can collect that and send it over as well..
Dave Allaby
Network Support Analyst
Information Systems Division
Haldimand County
Cayuga Administration Building
45 Munsee St. N., Cayuga, ON N0A 1E0
Tel: 905-318-5932 x6266
Fax: 905-772-3542
www.HaldimandCounty.on.ca<>
P Please consider the environment before printing this e-mail.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-10-2018 09:02 PM
Thanks for that data, it does look like both are up. If you could grab tech data from the BR and the CVG and email that over to me, I'd like to check a few things in your configuration to get a better idea of what we're working with.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-10-2018 12:56 PM
I ran the command and yes it definitely has both tunnels established.. I emailed the actual output..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-07-2018 08:39 PM
Could you run the following command on the BR (VPN client)? We are trying to make sure that the BR has two tunnels built; one to each CVG. If you could post the output to this conversation, or if you'd rather email it to me directly please feel free to do so at communityhelp@aerohive.com, I would appreciate it.
show vpn ipsec-tunnel
