
Site to site VPN with redundant link

S.ashok S
Level 1

Hi,

We have two sites connected by an IPsec site-to-site VPN: one end is a Fortigate firewall with one ISP and the other end is a Cisco ASA with two ISPs.

I have configured IP SLA with PBR for load sharing and link failover; everything is working for inside users to access the Internet.

I have configured the site-to-site VPN on the primary link and it is working fine, but when we activate the VPN on the backup link with the same crypto-map, encryption and decryption do not happen, resulting in no communication between the sites.

I have observed that when we shut down the primary link, my VPN traffic passes through.

When the primary link is active and we shut down the secondary link, VPN traffic passes through, but when both links are active, traffic does not pass through.

When we checked packet tracer, it showed encryption and decryption not allowed, but the traffic is hitting the correct NAT entry and ACL.

Can someone help to resolve the issue?

Thanks and regards,

Ashok

1 Reply

Tim Y
Level 1

Hi there,

Can you show configs? Could be any number of things.

Regards,

Tim