• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 778
  • Last Modified:

Route VPN connection during DR site failover

Currently we have a few clients that we have a site to site vpn connection with to our data center.  We are in the process of adding a DR site in the event our primary data center fails.  My question is "how can I get the site to site connections to connect to the DR site?"    If we fail to the DR site the IP obviously changes and the connection is not valid.  How does the client recognize that traffic needs to go through a new vpn connection?
0
NytroZ
Asked:
NytroZ
1 Solution
 
asavenerCommented:
If they're using Cisco IOS-based devices, you can just add a second peer address to the crypto map.  If the first peer is unavailable, the VPN will switch to the second peer.

In our testing, it took about 30 seconds to detect the failure and switch to the new peer.
0
 
convergintCommented:
Does your DR site have an internet connection or is it only connected to your main data center?  If it does have it's own connection and assuming you have a capable VPN router, just add a secondary gateway to the VPN that points to your DR site.

If it is only connected to your primary site, then you will need to add it's subnet to the VPN network routes.  Again it depends on what VPN routers you are using.  We are using Sonicwalls and they have a lot of capability for additional routes on VPNs and two gateways.
0
 
NytroZAuthor Commented:
So if I understand correctly, the client needs to add the a second entry into the VPN connection for the IP address of the DR site endpoint.  If our primary IP address is unavailable the second IP address(DR site IP) will negotiate the connection?  The DR site has its own connection.
0
 
asavenerCommented:
Yes.  The DR will need its own router/VPN device, which will need to be configured to accept the VPN connections.
0
 
rauenpcCommented:
Depending on how things are setup, you will also need to look at how to handle routing failover. It's one thing to have the VPN end points failover, but it can sometimes be a challenge to get traffic to route to the correct firewall when the firewall is up and running but the internet connection is down. Everything depends on how routing is currently setup.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now