How to set the VPN client connection failover?

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034  Zyxel Employee
First Anniversary Friend Collector First Answer First Comment
edited June 2022 in VPN


 

How do I set the VPN client connection failover?

The customer has 2 WAN IPs with two VPN connections at the branch site. One of them is a dynamic IP. The VPN connection must failover to WAN2 once the WAN1 connection is down.

Answer

Step1: In the web GUI, go to the Configuration > Network > Interface > Trunk > User configuration > Add screen. Set WAN2’s mode to Passive.

 

Step2. Enable Disconnect Connections Before Falling Back.

 

Step3: Go to Configuration > VPN > IPSec VPN > VPN Gateway.

Set My Address to "0.0.0.0" (The USG will dial-up with the active WAN interface first).

Since WAN2’s interface IP is dynamic, you can use Dynamic VPN in this case.

 

 

Step4:

Please use the command line  "Router(config)# client-side-vpn-failover-fallback activate"

The tunnel will fall back to WAN1 automatically once the WAN1 connection has recovered.

 

Tagged: