When using many VPNs the system load may become too high to function properly. The following configuration tips will minimize the load generated by VPNs.
- In a hub and spoke model the hub site should not use the Autostart option and should be configured for Passive testing. Each remote site will use Autostart and Active testing to manage their own VPN connection back to the hub. This will prevent excess load at the hub site
- For sites that have many VPNs and are using Active testing the IPsec VPN Failover Testing Interval can be increased to a longer interval. A longer interval will lower the load generated by many VPNs performing frequent testing.
Refer to https://support.ecessa.com/hc/en-us/articles/200143806-IPSEC-Site-to-Site-VPN-tunnel-10-7-2- for details of these configuration options.
0 Comments