10-01-2007 04:23 AM - edited 03-03-2019 06:58 PM
Hi,
Just a quick question. I have a site to site VPN set up between two 515e's. I have recently rerouted the traffic that was previously traversing this link over a managed MPLS network. I was thinking i may keep the L2L VPN running as a failover option.
My question is would keeping the VPN link running use any significant overhead?
Regards
J Mack
10-01-2007 05:56 PM
I dont think it should be of any overhead apart from normal keepalives. Also isakmp and ipsec will try to re-negotiate security associations after their lifetime is expired.
What you could do is set their security association lifetime to 1 day and they will re-negotiate them every 24 hours.
10-02-2007 01:27 AM
Thanks, thats really helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide