03-31-2015 03:22 PM - edited 03-05-2019 01:08 AM
I am planning a DAUL ISP VPN failover implementation on a client site and I am having difficulty understanding how to make it happen. My concerns are based on the fact that VPN Peers are defined during IPSEC L-2-L VPN config. How do I configure the router to know to initial a VPN session with the Remote site when Primary link fails?
Solved! Go to Solution.
04-10-2015 06:21 AM
Yes, exactly.
04-01-2015 10:46 AM
Hello.
The easier would be to configure 2 VPN/IPSec tunnels - one over primary link and another over secondary.
So both will be up (and available for testing/monitoring), but usually router would prefer primary and secondary as a backup.
04-10-2015 02:37 AM
Thanks Vasilii for your input. If I have an IPSEC tunnel to the primary link and secondary link, what if the Primary link of Site A fails and the Secondary link on Site B fails at the same time, it will mean that the VPN link on both sides will be down irrespective of the having a Primary and Backup ISP link.
What do you think
04-10-2015 03:58 AM
Hello.
The problem is either solved with BGP (having PI prefix) or with full-mesh of tunnels.
04-10-2015 05:45 AM
How about using a GRE Tunnel that can point to Two ISPs, Primary and Secondary at the same time such that if the primary link fails, the secondary link kicks in. It might only mean that i will need to need to setup two GRE tunnels pointing to the Two ISPs. I am thinking that this might work, what do you think?
Thanks alot for your response
04-10-2015 06:21 AM
Yes, exactly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide