Hi,
I'm using R81.10 with a number of domain-based S2S VPNs but am starting to get a number of requests for route-based VPNs. Normally that's fine for new peers but I have one request to switch a VPN from domain-based to route-based and am wanting to know if I can make roll-back easy by not having to dismantle any of the existing VPN.
So, here's the situation.
I have an existing interoperable device, call it vpn_ABC, that is used as a satellite gateway in a domain-based community, call it Domain_Community.
The peer's owner wants to switch to route-based VPN but using the same peer (vpn_ABC).
If I create a new community, say Routed_Community, can I use the same centre gateway and same satellite gateway in that community but manually change the VPN domains for those gateways within this new community to be an empty group which I have created for route-based VPNs? In other words, I'd end up with this:
Domain_Community (not used in any rules)
- centre gateway = my_cluster with VPN domain = VPN_Domain (object group with multiple networks)
- satellite gateway = vpn_ABC with VPN domain = ABC_Domain (object group with multiple networks)
Routed_Community (used in a rule)
- centre gateway = my_cluster with VPN domain, manually set in the community = Empty_Group
- satellite gateway = vpn_ABC with VPN domain, manually set in the community = Empty_Group
Will such a setup even work? Will my_cluster know to use the route-based VPN instead of the domain-based VPN?
Does any of that make sense?
Colin