GetVPN is still one of my items I work on. During the last months we fight against several issues in in Ciscos IOS NX software on the ASR router platform and we had to upgrade several times because of software bugs in GetVPN and WCCP. But this was not the only road block my way to a full meshed and fully encrypted wide area network. Finally in our last Cisco TAC case it turned out that very likely one pair of our ASR1006 routers might have also an hardware issue. These two routers have an very early hardware revision of redundant ESP and route processor cards. Since Cisco was not 100% sure about this and at the other hand they would not be responsible for another crash on of our data centers, they decided to proactivly swap all ESP and RP cards. This was actually the job during my last weekend.
With good remote hands support I was able to swap all cards in our router pair without any kind of impact to the data center. To make it a little bit more difficult for us, Cisco delivered the RP cards without any software image. What a surprise as I just got a rommon> prompt. So my remote hands support had to „dance“ with an USB stick between the data center racks.
Anyway, we got it solved and now have brand new latest hw release ESP/RP cards in our ASR1006, which means we can take again the try to get GetVPN enabled in the WAN.
Update will follow soon…
No Comments