L2L VPN Quick Question

Unanswered Question
Oct 1st, 2007

Hi,


Just a quick question. I have a site to site VPN set up between two 515e's. I have recently rerouted the traffic that was previously traversing this link over a managed MPLS network. I was thinking i may keep the L2L VPN running as a failover option.


My question is would keeping the VPN link running use any significant overhead?


Regards

J Mack

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
haroon.shaikh Mon, 10/01/2007 - 17:56

I dont think it should be of any overhead apart from normal keepalives. Also isakmp and ipsec will try to re-negotiate security associations after their lifetime is expired.


What you could do is set their security association lifetime to 1 day and they will re-negotiate them every 24 hours.

Actions

This Discussion