Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1297
Views
5
Helpful
1
Replies

Multiple VPN Peer addresses

mbroberson1
Level 3
Level 3

‎11-30-2009 01:44 PM

I know you can assign mulptile VPN peer address for a site-to-site VPN.

Question:

Say you have a site-to-site VPN with a company and they will be changing their peer address (changing to a new ISP), but you will not be available to change the address. Can you in-advance of their address change go-ahead and set the new VPN peer address? You will have two VPN peer addresses, but later when you are availble remove the old VPN peer address?

Thanks

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎11-30-2009 03:03 PM 

mbroberson1 wrote:
I know you can assign mulptile VPN peer address for a site-to-site VPN.
Question:
Say you have a site-to-site VPN with a company and they will be changing their peer address (changing to a new ISP), but you will not be available to change the address. Can you in-advance of their address change go-ahead and set the new VPN peer address? You will have two VPN peer addresses, but later when you are availble remove the old VPN peer address?
Thanks

Yes you could do this. The vpn peers are tried in the order you enter them so if the first one was unavailable then the second entry would be used.

The only problem you may have is that your device might still think the first IPSEC tunnel is valid. If the other device is a Cisco device you should be able to use DPD (Dead Peer Detection). If not then you will probably want to lower the ISAKMP and IPSEC timers for the tunnels.

Jon

Customers Also Viewed These Support Documents