LSVPN Portal Redundancy


L1 Bithead

I successfully set up LSVPN with a single portal, 2 gateways and some satellites. I realized that if my portal goes down for any reason, then the gateways are useless since the satellite needs the portal to get to the gateways. Any ideas on how best to set up a 2nd portal? Currently, my portal is on one of the gateways. I was thinking I can set up the 2nd portal on the other gateway. Can I reuse the same certificate that was generated on the first portal or do I need a new cert? The 2nd portal would have the same gateways as the 1st portal. Or is there a way to make the satellite cache the portal cert for an extended period so I don't need to create a 2nd portal?


Cyber Elite

By default the portal configuration is cached for 24 hours. So the real question here is whether you would be hosting the secondary portal on a different physical device or not, or on a different ISP. With an Active/Passive setup, the reason to set up a secondary portal for redundancy's sake would really come down to whether you have multiple ISPs. If you don't, you won't gain a lot.


So things to think about.

1) Hardware Failure.

If you have an Active/Passive HA setup, this isn't that big of an issue; your passive unit would take over.

If you don't have an HA setup, do you have another piece of hardware that a truly redundant portal and gateway set could live on?


2) ISP Failure.

If you don't have a secondary ISP then this obviously isn't something you could fix. But if you do, I like to have a portal on each route, so if one ISP connection is down you can still connect to the other. 


@BPry I have 1 site in NYC and a site in Dallas, each with HA pairs (active/standby). I have 2 ISPs at each site and was planning to have the NYC site have one portal and one gateway and the Dallas site have the other portal and one gateway. So each portal would have both of the gateways configured for each satellite. The portals would use one ISP at each site. Does this make sense?

L0 Member

Greetings. Although this is from 2020, I have a similar situation.

Eridavis, sorry for jumping into your thread.


Looking to replace a Cisco EzVPN solution with LSVPN. 2 gateways, each at a different DC with its own ISP. Can I have redundant portals (different IP) so the satellite will authenticate by any available portal (or always portal1 if there is priority)? This helps in case the primary portal is not available. Or one portal only and be able to set the authentication timer longer, say 3 years?




