Protecting VPN Security to Support Availability

One of the design decisions you made when selecting your VPN was whether you needed a highly available solution. Once your users expect to access the network from a hotel, from a customer location, from a coffee shop, or from home when they have a sick child, you will find they have little tolerance for outages. A downed VPN means that none of your remote workers can do much work, and in some organizations that can mean that a majority of the company could be off the network until the VPN is back up and running.

Technical TIP

When considering VPN availability, do not overlook the little things. Put your VPNs in separate racks, connected to separate power supplies. Nothing is more embarrassing than explaining to your manager that the VPN was down for two hours because someone accidentally switched off a power strip.

The most common method for implementing a highly available VPN is really quite simple. You buy two VPN hardware units (or implement two open-source VPNs) and then configure each as a highly available pair using the vendor’s high-availability mechanisms. Cisco offers the Hot Standby Router Protocol (HSRP), a long-time proprietary standard, which allows configuration of a pair of Cisco VPNs so that in the event the primary VPN fails, the backup takes over seamlessly. If configured correctly, end users do not notice the cutover. A more industry-standard protocol that offers similar functionality is the Virtual Router Redundancy Protocol (VRRP). You also have the option to use third-party solutions. Many of today’s load balancers offer the ability to load-balance VPNs. When one VPN fails, the load balancer automatically directs all traffic to the remaining gateway. An example of load balancing over multiple routers is the proprietary Cisco Gateway Load Balancing Protocol (GLBP).
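As an added illustration (not part of the original text), this is a VRRP configuration for the primary node of a two-node open-source VPN pair. It assumes keepalived as the VRRP implementation and OpenVPN as the VPN daemon; the interface name, addresses (documentation ranges), router ID, and priorities are placeholders.

```conf
# /etc/keepalived/keepalived.conf on the PRIMARY gateway (assumed path and tool)

# Health check: the node is only eligible to hold the shared address
# while the VPN daemon is actually running.
vrrp_script chk_vpn {
    script "/usr/bin/pgrep -x openvpn"   # assumed daemon name
    interval 2                           # run every 2 seconds
    fall 2                               # 2 consecutive failures -> unhealthy
    rise 2                               # 2 consecutive successes -> healthy
}

vrrp_instance VPN_GW {
    state BACKUP              # both nodes start as BACKUP; priority elects the master
    nopreempt                 # a recovered primary does not take the address back,
                              # so users are not cut over a second time
    interface eth0            # placeholder: interface facing the VPN clients
    virtual_router_id 51      # placeholder: must match on both nodes
    priority 150              # backup node uses a lower value, e.g. 100
    advert_int 1              # advertisement interval in seconds

    # Send advertisements only to the known peer instead of multicast.
    # They are not cryptographically protected in this configuration,
    # so keep this traffic on a dedicated, trusted segment.
    unicast_src_ip 192.0.2.11
    unicast_peer {
        192.0.2.12
    }

    # The address remote users connect to; it moves to the surviving node.
    virtual_ipaddress {
        192.0.2.10/24
    }

    # If chk_vpn fails, this instance enters FAULT and releases the address.
    track_script {
        chk_vpn
    }
}
```

The backup node uses the same file with a lower `priority` and the two unicast addresses swapped.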

In addition to ensuring that your VPN is highly available, also ensure that your Internet circuits have similar redundancy. If you have a single Internet connection and it goes down, VPN users will not be able to access the network. In the event of circuit outages, the user will typically need to reconnect to the VPN. This is still better than not being able to connect at all.

When you are considering a highly available VPN solution, be sure to consider the acquisition costs and the ongoing maintenance costs over the following three to five years. Continued maintenance and updates can add significant costs over the life of a product. It is important to understand the full cost of a solution rather than just the purchase price.
