cust0m
New Member
September 23, 2020
Question

Site-to-Site IPsec VPN - Redundant Static IPs/DNS Names for Remote Gateway


Hi,

One of our customers asked us to configure a redundant Site-to-Site IPsec VPN with two static IPs or DNS names.

E.g. use IP/DNS name one to establish the tunnel; if this IP/DNS name is not available, establish the tunnel using IP/DNS name two. Is there a way to configure such a scenario using a FortiGate 100F with Firmware 6.0.8?

Best Regards
cust0m

2 replies

Markus
New Member
September 23, 2020
cust0m
Author
New Member
September 24, 2020

Hi,

I've solved it by simply creating two tunnels with two static IPs, two static routes with different distances and the dead peer detection feature that is enabled by default when creating a custom IPsec Site-to-Site VPN tunnel.

Helpful resources:

https://www.youtube.com/watch?v=KUxhQaOwQuQ

https://www.youtube.com/watch?v=xbyqfJdkB1U

Best Regards
cust0m
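
The setup described in the reply above, sketched as FortiOS CLI (an added example, not the poster's actual configuration). Tunnel names, the `wan1` interface, all addresses and the pre-shared keys are placeholders, and firewall policies for both tunnel interfaces are assumed to exist already.

```fortios
# Constructed example: every name, address and key below is a placeholder.
# Two interface-mode tunnels, one per remote static IP.
config vpn ipsec phase1-interface
    edit "s2s-primary"
        set interface "wan1"
        set remote-gw 198.51.100.10
        set proposal aes256-sha256
        # Dead peer detection, set explicitly so failover does not rely on defaults.
        set dpd on-demand
        set psksecret <pre-shared-key-1>
    next
    edit "s2s-backup"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set proposal aes256-sha256
        set dpd on-demand
        set psksecret <pre-shared-key-2>
    next
end
config vpn ipsec phase2-interface
    edit "s2s-primary-p2"
        set phase1name "s2s-primary"
        set proposal aes256-sha256
        set src-subnet 10.10.0.0 255.255.255.0
        set dst-subnet 10.20.0.0 255.255.255.0
    next
    edit "s2s-backup-p2"
        set phase1name "s2s-backup"
        set proposal aes256-sha256
        set src-subnet 10.10.0.0 255.255.255.0
        set dst-subnet 10.20.0.0 255.255.255.0
    next
end
# Same destination over both tunnels; the lower distance wins while it is up.
config router static
    edit 0
        set dst 10.20.0.0 255.255.255.0
        set device "s2s-primary"
        set distance 10
    next
    edit 0
        set dst 10.20.0.0 255.255.255.0
        set device "s2s-backup"
        set distance 20
    next
end
```

When dead peer detection takes the primary tunnel down, its route leaves the routing table and the distance-20 route through the backup tunnel becomes active.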

nsec
New Member
October 1, 2020

How many connections do you have at both sites? 2 - 2? From my point of view, the configuration is static, so you don't need DNS resolution. IPsec VPN is typically used for site-to-site, so you only need to configure the VPN failover ALG to keep the tunnel always up; use SD-WAN technology to create your priorities (based on the customer's request). What you want is more useful for SSL VPN.

Please think about updating FortiOS.

--

n