03-26-2024 11:18 PM
I have two Firepowers in two remote offices and i have two ISPs in each office, i had configured vti ipsec vpn between two offices but they are working with static routes, can i configure dynamic routing protocols for failover vpn? I tried to configure BGP but neighbours idle, what can you advice?
04-03-2024 12:54 AM
Have you changed from using the WAN interface IP to the VTI IP in the BGP neighbor command?
You would also need to preempt BGP AS on the backup VTI on both sides so that only one link (Primary link) is used. if the primary link fails this configuration will now automatically failover to the secondary VTI.
03-27-2024 01:20 AM
@sherali mamatkarimov have you configured Send Virtual Tunnel Interface IP to the peers and Allow incoming IKEv2 routes from the peers under the VPN endpoint?
03-27-2024 08:10 PM - edited 03-27-2024 08:15 PM
I haven't this option
03-28-2024 07:41 AM
What are your software versions at both ends?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide