L2L VPN Quick Question

Unanswered Question
Oct 1st, 2007
User Badges:


Just a quick question. I have a site to site VPN set up between two 515e's. I have recently rerouted the traffic that was previously traversing this link over a managed MPLS network. I was thinking i may keep the L2L VPN running as a failover option.

My question is would keeping the VPN link running use any significant overhead?


J Mack

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
haroon.shaikh Mon, 10/01/2007 - 17:56
User Badges:

I dont think it should be of any overhead apart from normal keepalives. Also isakmp and ipsec will try to re-negotiate security associations after their lifetime is expired.

What you could do is set their security association lifetime to 1 day and they will re-negotiate them every 24 hours.


This Discussion