
Best technology to implement failover to remote backup l2l VPN?

Hello.

TASK: implement technology so that when l2l VPN to vendor fails, EIGRP routing will redirect traffic to distant backup VPN.

Options: BGP config, SLA config, DPD config, (other)

Which option would you implement & why?

Thank you.

17 Replies

@jmaxwellUSAF no, they are independent.

DPD runs periodically to determine the status of the VPN peer; if communication is lost, it clears the Security Associations (SA). If RRI is used and there are no SAs, then the remote peer networks are removed from the routing table. RRI installs the routes of the remote peer networks into the routing table only when there is an active VPN.
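A configuration sketch of the DPD plus RRI behaviour described in the reply above, added here as an example and not posted by anyone in the thread. It assumes a Cisco IOS router terminating the primary l2l VPN with a crypto map, with the ISAKMP policy and pre-shared key already configured; every name, address and the EIGRP AS number is a constructed placeholder.

```text
! Constructed example: all names, addresses and AS numbers are placeholders.
! Assumed: ISAKMP policy and pre-shared key for the vendor peer already exist.

! DPD: probe the peer every 10 s, retry every 3 s after a missed reply.
! When the peer is declared dead, its SAs are cleared.
crypto isakmp keepalive 10 3 periodic

crypto ipsec transform-set VENDOR-TS esp-aes 256 esp-sha256-hmac

! Traffic protected by the tunnel (vendor LAN 192.0.2.0/24 is a placeholder).
ip access-list extended VENDOR-VPN
 permit ip 10.10.0.0 0.0.255.255 192.0.2.0 0.0.0.255

! reverse-route (RRI) installs a static route to the vendor LAN only
! while SAs for this crypto map entry exist.
crypto map VENDOR-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set VENDOR-TS
 match address VENDOR-VPN
 reverse-route

interface GigabitEthernet0/0
 crypto map VENDOR-MAP

! Redistribute only the vendor prefix, so no other static route leaks into EIGRP.
ip prefix-list VENDOR-NETS seq 5 permit 192.0.2.0/24

route-map RRI-TO-EIGRP permit 10
 match ip address prefix-list VENDOR-NETS

router eigrp 100
 redistribute static route-map RRI-TO-EIGRP metric 10000 100 255 1 1500
```

This assumes the distant backup site advertises the same vendor prefix into EIGRP with a less preferred metric, so that when DPD clears the SAs and the RRI route is withdrawn, EIGRP converges onto the backup path.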

Your solution seems simplest = best.

Is there a reason why, to solve this task, someone would prefer the BGP implementation?

@jmaxwellUSAF you can. I assumed you aren't currently using BGP on your DMVPN, so therefore you'd have a lot of reconfiguration if you want to use BGP. There are several other ways to achieve the same thing; I provided suggestions to integrate with your current setup the easiest.