Upon a cluster failover, VPN traffic (UDP 4500) leaves the now active cluster member with the physical MAC address of the old active cluster member
Symptoms
  • After a cluster failover, there is a VPN traffic (UDP port 4500) outage on the new active cluster member.
  • The new active cluster member shows the MAC address of the old active cluster member.
  • Not all cluster members run on the same Jumbo Hotfix Accumulator take.
Cause

Routing information for NAT-T traffic is not synchronized correctly to all kernel instances on the standby cluster member. The active member's MAC address in the routing information is not converted to the standby member's MAC address.
As a result, after a cluster failover, the new active member uses the wrong MAC address for NAT-T traffic routing (the MAC address of the previous active member).
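
A check for the symptom described above, as an added example that is not part of the original article or of Check Point tooling: it scans `tcpdump -e -n` text output captured on the new active member and reports outbound UDP 4500 frames whose source MAC is not that member's own. The MAC addresses, IP addresses and capture lines are constructed, and treating the stale MAC as the frame's source MAC is an assumption based on the article title.

```python
import re

NATT_PORT = 4500  # IPsec NAT-T (UDP-encapsulated ESP / IKE)
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d+(?:\.\d+){3}"
# Layout of a `tcpdump -e -n` line: time, src MAC > dst MAC, ..., src.port > dst.port:
FRAME = re.compile(
    rf"^\S+ (?P<smac>{MAC}) > (?P<dmac>{MAC}),.*?: "
    rf"(?P<sip>{IP})\.(?P<sport>\d+) > (?P<dip>{IP})\.(?P<dport>\d+):",
    re.IGNORECASE,
)

def stale_mac_frames(lines, local_mac, old_active_mac, cluster_ips):
    """Return outbound NAT-T frames that were not sent from this member's own MAC."""
    findings = []
    for line in lines:
        m = FRAME.match(line)
        if not m:
            continue  # not an Ethernet/IPv4 line with ports
        if NATT_PORT not in (int(m["sport"]), int(m["dport"])):
            continue  # only NAT-T traffic is affected according to the article
        if m["sip"] not in cluster_ips:
            continue  # inbound frame (peer gateway to cluster), source MAC is the router's
        smac = m["smac"].lower()
        if smac != local_mac.lower():
            findings.append({"src_mac": smac, "dst_ip": m["dip"],
                             "is_old_active": smac == old_active_mac.lower()})
    return findings

# Constructed values (documentation MAC/IP ranges), not taken from the article.
LOCAL_MAC = "00:00:5e:00:53:02"       # new active member (assumed)
OLD_ACTIVE_MAC = "00:00:5e:00:53:01"  # previous active member (assumed)
CLUSTER_IPS = {"203.0.113.10"}        # cluster virtual IP (assumed)
CAPTURE = """\
12:00:01.000101 00:00:5e:00:53:02 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 142: 203.0.113.10.4500 > 198.51.100.20.4500: UDP-encap: ESP(spi=0x1a2b3c4d,seq=0x11), length 100
12:00:01.000202 00:00:5e:00:53:01 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 142: 203.0.113.10.4500 > 198.51.100.20.4500: UDP-encap: ESP(spi=0x1a2b3c4d,seq=0x12), length 100
12:00:01.000303 00:00:5e:00:53:fe > 00:00:5e:00:53:02, ethertype IPv4 (0x0800), length 142: 198.51.100.20.4500 > 203.0.113.10.4500: UDP-encap: ESP(spi=0x5e6f7a8b,seq=0x21), length 100
12:00:01.000404 00:00:5e:00:53:02 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 74: 203.0.113.10.443 > 198.51.100.20.51000: Flags [S.], seq 1, ack 1, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for finding in stale_mac_frames(CAPTURE, LOCAL_MAC, OLD_ACTIVE_MAC, CLUSTER_IPS):
        print(finding)
```
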

