vpn function when router3825 reboot

wfqk · ‎03-27-2018

Hi We are going to upgrade ios in router 3825. The router has a lot vpn connections now. My question is what could happen and what we are going to do for the VPN during the upgrading ios. At least we need reboot one time for the upgrade. We hope least downtime for the upgrade. Thank you

Rob Ingram · ‎03-27-2018

Hi,
Do you have a backup VPN or is this router the only one? If it's the only one, then a reboot will be required and there will be downtime. If you have a backup VPN router then you could failover the VPN's to that router and ensure traffic is flowing before you upgrade the other router.
HTH

wfqk · ‎03-27-2018

Thank you! that is very good suggestion. i guess it does. Can we confirm the backup exist by some command?

If it does not have backup, do you think every vpn in this router should work well without any actions on it after the reboot? I remember some vpn is vulnerable due to some reason.

Rob Ingram · ‎03-28-2018

Hi, When I said backup I was referring to another router with a backup VPN. I assume you only have 1 router? In which case you will experience and outage on the VPNs.

When you reboot the router the other VPNs will obviously lose connectivity, if they are configured with Dead Peer Detection, they should detect the main router is down and clear the tunnel (delete the ISAKMP and IPSec SAs) , see these links for more information on DPD - link1 and link2 and link3

When the router is up and working again the other tunnels should reconnect. In case of any issues ensure you have connectivity to the remote routers when the tunnel is down so you can troubleshoot and reset the VPN if needed.

HTH