NytroZ
asked on
Route VPN connection during DR site failover
Currently we have a few clients that we have a site to site vpn connection with to our data center. We are in the process of adding a DR site in the event our primary data center fails. My question is "how can I get the site to site connections to connect to the DR site?" If we fail to the DR site the IP obviously changes and the connection is not valid. How does the client recognize that traffic needs to go through a new vpn connection?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
So if I understand correctly, the client needs to add the a second entry into the VPN connection for the IP address of the DR site endpoint. If our primary IP address is unavailable the second IP address(DR site IP) will negotiate the connection? The DR site has its own connection.
Yes. The DR will need its own router/VPN device, which will need to be configured to accept the VPN connections.
Depending on how things are setup, you will also need to look at how to handle routing failover. It's one thing to have the VPN end points failover, but it can sometimes be a challenge to get traffic to route to the correct firewall when the firewall is up and running but the internet connection is down. Everything depends on how routing is currently setup.
In our testing, it took about 30 seconds to detect the failure and switch to the new peer.