- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-07-2018 07:35 PM
I am trying to setup redundant VPN gateways so I will have the ability to fail them over for servicing etc.. I have configured 2 VGVA's and have configured OSPF routing .. Everything appears to connect properly however when both VGVA's are running I am only able to ping a few addresses.. Basically ospf is providing routes to the secondary VGVA and it is not forwarding to the BR (XR200) .. Maybe I am missing something but I thought that the 'active' VGVA would be the only one advertising routes to the area..Or maybe I have to look at something else.. ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-13-2018 12:49 PM
Not saying that it can’t be done differently but here is what I had to do to get it to work properly..
1. Configure each VGVA in ‘one-armed’ mode only using the WAN.
2. Put each VGVA in its own vlan/subnet.
3. On my core router I had to increase the cost of the vlan interface going to the ‘secondary’ VGVA in OSPF.
After those steps it seem to work as expected.. I have a 40 second convergence time which is due to the dead-interval time on the OSPF configuration.. Unfortunately this is something that Aerohive does not let me adjust so I cannot improve performance there, but I can at least live with 40 seconds.
Sam if there is any further information that you can shed on this configuration or if you feel that the tech data would help I can collect that and send it over as well..
Dave Allaby
Network Support Analyst
Information Systems Division
Haldimand County
Cayuga Administration Building
45 Munsee St. N., Cayuga, ON N0A 1E0
Tel: 905-318-5932 x6266
Fax: 905-772-3542
www.HaldimandCounty.on.ca<>
P Please consider the environment before printing this e-mail.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-13-2018 12:49 PM
Not saying that it can’t be done differently but here is what I had to do to get it to work properly..
1. Configure each VGVA in ‘one-armed’ mode only using the WAN.
2. Put each VGVA in its own vlan/subnet.
3. On my core router I had to increase the cost of the vlan interface going to the ‘secondary’ VGVA in OSPF.
After those steps it seem to work as expected.. I have a 40 second convergence time which is due to the dead-interval time on the OSPF configuration.. Unfortunately this is something that Aerohive does not let me adjust so I cannot improve performance there, but I can at least live with 40 seconds.
Sam if there is any further information that you can shed on this configuration or if you feel that the tech data would help I can collect that and send it over as well..
Dave Allaby
Network Support Analyst
Information Systems Division
Haldimand County
Cayuga Administration Building
45 Munsee St. N., Cayuga, ON N0A 1E0
Tel: 905-318-5932 x6266
Fax: 905-772-3542
www.HaldimandCounty.on.ca<>
P Please consider the environment before printing this e-mail.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-10-2018 09:02 PM
Thanks for that data, it does look like both are up. If you could grab tech data from the BR and the CVG and email that over to me, I'd like to check a few things in your configuration to get a better idea of what we're working with.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-10-2018 12:56 PM
I ran the command and yes it definitely has both tunnels established.. I emailed the actual output..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-07-2018 08:39 PM
Could you run the following command on the BR (VPN client)? We are trying to make sure that the BR has two tunnels built; one to each CVG. If you could post the output to this conversation, or if you'd rather email it to me directly please feel free to do so at communityhelp@aerohive.com, I would appreciate it.
show vpn ipsec-tunnel
