Using static internal IPs through two VPN devices

Posted on 2013-05-29
Last Modified: 2013-10-14
I have a group of users who are assigned static IPs when VPNing into our network, in order to accurately send them audio/video streams.  They are getting assigned 192.168.7.x IPs.  Routing for 192.168.7.x on our internal core switches points towards our single VPN endpoint.

I would like to configure a backup VPN endpoint that might be used by these users.  I can assign them their 192.168.7.x IPs through RADIUS, but how would my routing work?  My core switches are currently pointing towards the existing VPN device for 192.168.7.x addresses.  Is there any way to tell them that 192.168.7.x address might be through VPN device 1, but might also be through VPN device 2?  Thank you for any help that you can provide.
Question by:sloth10k
  • 4
  • 2
LVL 68

Expert Comment

ID: 39206167
You can provide a route to the other device, with a higher metric (TTL). However, that requires that the link to the primary VPN router goes down, or an according ICMP message is sent back from that router if the VPN is not available.

Author Comment

ID: 39208395
As you point out, that solution would require sort of an all-or-nothing cutover between the two devices.  I am looking for a solution where the two VPN devices could be used in parallel.  For example, remote users on a certain ISP cannot access VPN device 1, but they can access device 2, because the two devices are on different carriers.  Thanks for the suggestion.
LVL 68

Expert Comment

ID: 39208412
A route can always point to a single gateway only. The info of where a incoming packet was coming from (which router etc.) is not available (or ignored), so a "return same way" approach is not feasible.

I assume the association between client and ISP (and hence device to use) is static? Then you should be able to split the .7 network in subclasses reserved for each VPN device, and create routes accordingly. Instead of subclassing, different VLAN tagging might be working, too.
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.


Author Comment

ID: 39216603
Unfortunately, the association between client and ISP is not static.  It's possible that any remote client may need to come into either of the two VPN devices.
LVL 68

Accepted Solution

Qlemo earned 500 total points
ID: 39217455
Then "You can't do that" seems to be the appropriate answer ...

Expert Comment

ID: 39218253
The only solution is the split 192.168.7.x into 2 subnets, and assign IPs depending on what VPN router the user hits. So on VPN he might get and on VPN2 me might get
LVL 68

Expert Comment

ID: 39571642

The asker insists on having static IPs, with "dynamic" ISP. Subnetting has been suggested already, but is not available because of the non-static ISP association.

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Undo a Print Server Setup 5 73
Confused about VPN connection and private IP addresses..?? 5 43
Unknown security group 2 59
PCI Compliance Free scan 2 76
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now