Avaya 3.7 User Manual
Using advanced features
226 Avaya VPNmanager Configuration Guide Release 3.7
5. Click the Enable High Availability check box to disable High Availability on the remaining
security gateway.
6. Click Update Devices from the Configuration Console.
Click OK to complete update.
Failover
Use the Failover object to configure up to five IP addresses for tunnel endpoint (TEP) for the
security gateways. These IP addresses are used for failover locations in the case of VPN or
clear traffic failure.
security gateways. These IP addresses are used for failover locations in the case of VPN or
clear traffic failure.
Figure 73: Failover Tab
When Failover is configured, a security gateway periodically checks connectivity to designated
devices to evaluate the availability of the network path to the central-site resources. These
devices can be within the VPN, such as the corporate e-mail server at the central site. These
devices can also be outside the VPN, such as a public DNS server.
devices to evaluate the availability of the network path to the central-site resources. These
devices can be within the VPN, such as the corporate e-mail server at the central site. These
devices can also be outside the VPN, such as a public DNS server.
When a network path fails, the remote security gateway tries to establish a network path
through an alternate central-site. If the remote security gateway cannot use that second
central-site TEP to establish a network path, the remote security gateway continues through the
list of configured TEPs, and tries to establish a usable network path to the central-site
resources. If none of the configured tunnels can establish a network path, and the remote
security gateway is configured with a public-backup interface, the remote device tries to
establish a path through this alternate link.When the public-backup zone is in use, the security
gateway does not perform failover connectivity-checks to the designated hosts. When the idle
timer is enabled, and as long as there is traffic, this alternate network link is used. If the
configured idle time elapses, the public-backup interface is taken down. The security gateway
then tries to reestablish the network connectivity through the primary network path.
through an alternate central-site. If the remote security gateway cannot use that second
central-site TEP to establish a network path, the remote security gateway continues through the
list of configured TEPs, and tries to establish a usable network path to the central-site
resources. If none of the configured tunnels can establish a network path, and the remote
security gateway is configured with a public-backup interface, the remote device tries to
establish a path through this alternate link.When the public-backup zone is in use, the security
gateway does not perform failover connectivity-checks to the designated hosts. When the idle
timer is enabled, and as long as there is traffic, this alternate network link is used. If the
configured idle time elapses, the public-backup interface is taken down. The security gateway
then tries to reestablish the network connectivity through the primary network path.