Solved: VPN Failover

shobaloju rilwan · ‎03-31-2015

I am planning a DAUL ISP VPN failover implementation on a client site and I am having difficulty understanding how to make it happen. My concerns are based on the fact that VPN Peers are defined during IPSEC L-2-L VPN config. How do I configure the router to know to initial a VPN session with the Remote site when Primary link fails?

Vasilii Mikhailovskii · ‎04-10-2015

Yes, exactly.

View solution in original post

Vasilii Mikhailovskii · ‎04-01-2015

Hello.

The easier would be to configure 2 VPN/IPSec tunnels - one over primary link and another over secondary.

So both will be up (and available for testing/monitoring), but usually router would prefer primary and secondary as a backup.

shobaloju rilwan · ‎04-10-2015

Thanks Vasilii for your input. If I have an IPSEC tunnel to the primary link and secondary link, what if the Primary link of Site A fails and the Secondary link on Site B fails at the same time, it will mean that the VPN link on both sides will be down irrespective of the having a Primary and Backup ISP link.

What do you think

Vasilii Mikhailovskii · ‎04-10-2015

Hello.

The problem is either solved with BGP (having PI prefix) or with full-mesh of tunnels.

shobaloju rilwan · ‎04-10-2015

How about using a GRE Tunnel that can point to Two ISPs, Primary and Secondary at the same time such that if the primary link fails, the secondary link kicks in. It might only mean that i will need to need to setup two GRE tunnels pointing to the Two ISPs. I am thinking that this might work, what do you think?

Thanks alot for your response

Vasilii Mikhailovskii · ‎04-10-2015

Yes, exactly.