
VPN S2S with two of the same remote gateway IP created on the same management


I have an existing site-to-site VPN tunnel in production whose setup is a domain-based VPN (my box here is an 1100). Now we are about to establish a second tunnel whose setup is a route-based VPN. We have a new gateway box here, which is a 3100. This new tunnel will also have a site-to-site VPN connection with the same 3rd-party gateway. My question is with regard to the management side. The 1100 and 3100 are both managed by the same management. The existing VPN domain configured in my remote gateway (3rd party) is not empty. As we all know, it should be empty for a route-based VPN setup. We are not able to touch or make changes to the existing remote gateway because it is in production. My only way here is to create another remote gateway with the same IP but a different hostname. I want to know if it would work, or what problems would arise from doing this? Thank you.

0 Kudos
1 Reply

I can't imagine this will work very well, and it's not necessarily because of the encryption domain + route-based VPN setting.
The issue I see is using the same IP in two different objects and having different VPN settings for both gateways.
I can't see anything good coming from this. 

That said, it's not very clear what your end game is here.
Is it to replace the 1100 configured with a domain-based VPN with the 3100 configured with a route-based VPN or something else?
Please be as explicit as possible.

0 Kudos