Staff

Technical Tip: Tuning Redundant S2S VPN

Description

This article describes that, create two s2s VPN tunnel on each ISP link, the failover taking too long.

Scope

IPsec VPN.

Solution

Change the value below to speed up the failover process for IPsec tunnel.

# config vpn ipsec phase1-interfac
edit <Tunnel Name>
set dpd-retrycount X
set dpd-retryinterval Y
end

By default X=3 and Y=20, it will take up 50seconds in total.
Change the Y value to 5, so that it takes 15 seconds to failover.

Sign up