Multiple VPN Peer addresses

Unanswered Question
Nov 30th, 2009

I know you can assign mulptile VPN peer address for a site-to-site VPN.

Question:

Say you have a site-to-site VPN with a company and they will be changing their peer address (changing to a new ISP), but you will not be available to change the address. Can you in-advance of their address change go-ahead and set the new VPN peer address? You will have two VPN peer addresses, but later when you are availble remove the old VPN peer address?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Mon, 11/30/2009 - 15:03

mbroberson1 wrote:

I know you can assign mulptile VPN peer address for a site-to-site VPN.

Question:

Say you have a site-to-site VPN with a company and they will be changing their peer address (changing to a new ISP), but you will not be available to change the address. Can you in-advance of their address change go-ahead and set the new VPN peer address? You will have two VPN peer addresses, but later when you are availble remove the old VPN peer address?

Thanks

Yes you could do this. The vpn peers are tried in the order you enter them so if the first one was unavailable then the second entry would be used.

The only problem you may have is that your device might still think the first IPSEC tunnel is valid. If the other device is a Cisco device you should be able to use DPD (Dead Peer Detection). If not then you will probably want to lower the ISAKMP and IPSEC timers for the tunnels.

Jon

Actions

This Discussion