Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple VPN Peer addresses

I know you can assign mulptile VPN peer address for a site-to-site VPN.

Question:

Say you have a site-to-site VPN with a company and they will be changing their peer address (changing to a new ISP), but you will not be available to change the address. Can you in-advance of their address change go-ahead and set the new VPN peer address? You will have two VPN peer addresses, but later when you are availble remove the old VPN peer address?

Thanks

1 REPLY
Hall of Fame Super Blue

Re: Multiple VPN Peer addresses

mbroberson1 wrote:

I know you can assign mulptile VPN peer address for a site-to-site VPN.

Question:

Say you have a site-to-site VPN with a company and they will be changing their peer address (changing to a new ISP), but you will not be available to change the address. Can you in-advance of their address change go-ahead and set the new VPN peer address? You will have two VPN peer addresses, but later when you are availble remove the old VPN peer address?

Thanks

Yes you could do this. The vpn peers are tried in the order you enter them so if the first one was unavailable then the second entry would be used.

The only problem you may have is that your device might still think the first IPSEC tunnel is valid. If the other device is a Cisco device you should be able to use DPD (Dead Peer Detection). If not then you will probably want to lower the ISAKMP and IPSEC timers for the tunnels.

Jon

1116
Views
5
Helpful
1
Replies