04-29-2016 06:34 AM
I'm working on the ZTP solution for small branch offices using a 7010 as Branch and a 7210 as Master controller, but during the WAN failover scenarios I noticed that once the VPN tunnel is broken, due to a disconnect of the uplink connection or just by simply clearing the security association, the controller is no longer able to re-establish the VPN tunnel with the master. The only workaround for this behavior is a reload. For the test I use version 18.104.22.168.
Is anyone aware of any particular issue/bug preventing the branch controller from VPNing again? Or does the Branch controller need to talk to Activate again to retrieve the VPN gateway?
04-29-2016 07:40 AM
What are you using as your secondary uplink?
Do you have WAN health check enabled?
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
05-08-2016 04:05 AM
05-09-2016 08:22 AM
Problem fixed. I removed from the static route list the corporate network which contains the prefixes used for my Master controller, and instead I've added a PBR from the user to the role applied to the BoC pointing to the IPsec tunnels, and it works.