Colin_Campbell1
Contributor

VPN peer in multiple VPN Communities

Hi,

I'm using R81.10 with a number of domain-based S2S VPNs but am starting to get a number of requests for route-based VPNs. Normally that's fine for new peers but I have one request to switch a VPN from domain-based to route-based and am wanting to know if I can make roll-back easy by not having to dismantle any of the existing VPN.

So, here's the situation.

I have an existing interoperable device, call it vpn_ABC, that is used as a satellite gateway in a domain-based community, call it Domain_Community.

The peer's owner wants to switch to route-based VPN but using the same peer (vpn_ABC).

If I create a new community, say Routed_Community, can I use the same centre gateway and same satellite gateway in that community but manually change the VPN domains for those gateways within this new community to be an empty group which I have created for route-based VPNs? In other words, I'd end up with this:

Domain_Community (not used in any rules)

  • centre gateway = my_cluster with VPN domain = VPN_Domain (object group with multiple networks)
  • satellite gateway = vpn_ABC with VPN domain = ABC_Domain (object group with multiple networks)

Routed_Community (used in a rule)

  • centre gateway = my_cluster with VPN domain, manually set in the community = Empty_Group
  • satellite gateway = vpn_ABC with VPN domain, manually set in the community = Empty_Group

Will such a setup even work? Will my_cluster know to use the route-based VPN instead of the domain-based VPN?

Does any of that make sense?

Colin

_Val_
Admin

Yes, it does make sense, but please make sure you figure out routing in the process. I would start in a lab first.

Colin_Campbell1
Contributor

Hi,

Got the answer this morning when I installed policy which failed verification: "Please note that a pair of objects can appear only in one intranet community at most."

Colin
