Support Center > Search Results > SecureKnowledge Details
VPN SAs are not failing over properly to upgraded R76 cluster member during Optimal Service Upgrade
Symptoms
  • VPN SAs are not failing over properly to upgraded R76 cluster member during Optimal Service Upgrade, and SAs remain established on the original member.

  • Output of the 'vpn tunnelutil' command on the upgraded R76 member shows that it does get new SPIs, but the VPN tunnel will not establish.
Cause

When the 'cphaosu start' command is issued on a upgraded member, it should automatically invoke the command 'fw ctl set int osu_fire 1', which is used to make sure that VPN tunnels are terminated properly on the upgraded member.


Solution
Note: To view this solution you need to Sign In .