When policy route is used for failover, IP-Sec tunnels die. Why?
Hi,
I am a lucky guy! I have two fiber hookups to the internet. One is 500M/bit, the second 100M/bit. I would like to use the 500 as the main pipe and the 100 as a failover.
Therefore I have created two policy routes where if the 500 (Ge3) fails, the 100 (Ge2) takes over. In theory this works fine as I also changed the trunk to spill-over (user configured). When I activate the policy routes my IP-Sec VPN tunnels die however.
I have been looking if I can find a way to leave the tunnels up and running but cannot find a way.
What can be the problem?
All Replies
Hi @JeroenSoree
Regarding the topology you deployed, it's our suggestion that you implement VTI to achieve the purpose.
VTI (VPN Tunnel Interface) is used to configure IPSec-based VPNs between site-to-site devices.
VTI is similar to other physical interfaces so that policy route, static route and trunk can be applied when the tunnel is activated.
Here is the FAQ on how to set up IPSec site-to-site VPN by using VTI on the USG.