Controllerless Networks

Hi
I'm working on the ZTP solution for small branch offices using a 7010 as Brach and 7210 as Master controller but during the WAN failover scenarios I noticed that once the VPN tunnel is broken due to a disconnect of the uplink connection or just with a simple clearing the security association, the controller is no longer able to re-establish the VPN tunnel with the master. The only work-around to this behavior is a reload. I use for the test the version 6.4.3.6
Is anyone aware of any particular issue/bug preventing the branch controller to VPNing again? Or does the Branch controller need to talk again with Activate to retrieve the VPN gateway?

Thanks

 

What are you using as your secondary uplink ?

Do you have enabled WAN health check ?

 

 

Hi Victor

I have a 4G wired  connection which I tested as primary and works great. WAN health check is actived

 

 

Regards,

Antonio

 

I've isolated the issues. Basically my master controller uses a public IP which belongs to a super subnet which I've configured on the static routes to make sure branch controllers send corporate traffic over the ipsec tunnel so when I lose the VPN tunnel at the remote site, the branch control tries to send the traffic to my master over the IPSec tunnel to recover the VPN . Adding a static route which points to the active uplink recovers the connectivity but this is not a solution. How can I push from the master a static route pointing to both of the uplinks ?
Thanks

Problem fixed. I removed from the static route list the corporate network which contains of the the prefixes used for my Master controller and instead I've added a PBR from the user to the role applied to the BoC poitning to the ipsec tunnels and works.

 

Thanks,

Antonio

Hi aboj, please I need some directions from you. I'll be setting up a branch site with a 7030 controller. Can you give me some guidelines on how to do this. Thank you.