Tuesday, August 31, 2004

How can I use a VPN with a network redundancy solution?

To set up a VPN connection through a network redundancy router, the following requirements must be met:

- Dynamic IP VPN in “Aggressive Mode”

- IKE Keepalives set to occur fairly often (every 30 seconds recommended)

- Dead peer detection enabled (if available) and set for three misses over 180 seconds or less

VPN Operation:

Configured in this manner, the VPN will work 100% in failover mode (as long as dead peer detection is enabled). It will also work in load balancing mode; however, it may occasionally time out and need to re-sync (reset the SA, or Security Association). This is accomplished via the dead peer detection process mentioned above. This re-syncing should not occur very often, and will not as long as the keepalives are set to a low number.

If your VPN does not support NAT pass-through, the VPN will NOT work on failover. It is recommended that a NAT-enabled VPN solution be used.

If dead peer detection is not enabled, manual intervention is required when a network failure occurs.
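The timing behind the keepalive and dead peer detection settings above can be checked with a small model. This is an added example, not part of the original post; it assumes a simplified DPD in which every keepalive sent after the failover goes unanswered and the SA is reset after the configured number of misses, and the function and profile names are hypothetical.

```python
"""Simplified, constructed model of dead peer detection after a WAN
failover leaves the remote peer holding a stale Security Association."""

DPD_BUDGET_S = 180  # from the page: three misses over 180 seconds or less


def time_to_detect(keepalive_s, max_misses, fail_at):
    """Seconds from the failover until the stale SA is declared dead.

    Returns None when DPD is disabled (max_misses is None), because
    nothing in the model ever resets the SA without manual intervention.
    """
    if max_misses is None:
        return None
    misses, t = 0, 0
    while misses < max_misses:
        t += keepalive_s      # time of the next keepalive probe
        if t > fail_at:       # probes sent after the failure get no reply
            misses += 1
    return t - fail_at


def worst_case(keepalive_s, max_misses):
    """Longest blind window over every failure offset in one keepalive period."""
    if max_misses is None:
        return None
    return max(time_to_detect(keepalive_s, max_misses, offset)
               for offset in range(keepalive_s))


def assess(name, keepalive_s, max_misses):
    """One-line verdict for a keepalive/DPD profile against the page's budget."""
    worst = worst_case(keepalive_s, max_misses)
    if worst is None:
        return f"{name}: DPD off, SA stays stale until it is reset manually"
    verdict = "ok" if worst <= DPD_BUDGET_S else "too slow"
    return f"{name}: stale SA detected within {worst}s ({verdict})"


# Constructed profiles: the page's recommendation, a slower keepalive, DPD off.
PROFILES = [("recommended", 30, 3), ("slow keepalive", 90, 3), ("dpd off", 30, None)]

if __name__ == "__main__":
    for profile in PROFILES:
        print(assess(*profile))
```
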

