rahulkaushik-22
Article Id 332442
Description This article describes how to bring up an IPsec tunnel that terminates on the secondary WAN interface (wan2) so that it can serve as a failover tunnel, by making the wan2 default route active in the routing table.
Scope FortiGate.

In this scenario, a site-to-site IPsec tunnel bound to wan2 was created as described in the document Basic site-to-site VPN with pre-shared key, but the tunnel remained down.

The default routes were configured as follows:


config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set device wan1
        set gateway <gateway_address>
        set distance 10
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set device wan2
        set gateway <gateway_address>
        set distance 20
    next
end


The wan2 route has a distance of 20. Because only the routes with the lowest distance to a destination are installed, it loses the comparison against the wan1 route (distance 10) and is not active in the routing table. The FortiGate therefore has no active route to the remote VPN gateway through wan2, the interface the tunnel is bound to, so IKE negotiation cannot complete and the IPsec tunnel stays down.

To have both default routes active in the routing table while still using wan2 only as the secondary ISP, give the wan2 route the same distance as the wan1 route and assign it a higher priority number (a higher number means lower preference).

Configure the wan2 default route:


config router static
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set device wan2
        set gateway <gateway_address>
        set distance 10
        set priority 10
    next
end


Note:

The default priority of a static route is 1. The lower the priority number, the more preferred the route. Distance is evaluated first: among routes to the same destination, only those with the lowest distance are installed. Priority is then compared only among the installed routes with equal distance. Giving the wan2 route the same distance as wan1 keeps it active (so the tunnel bound to wan2 can negotiate), while its higher priority value ensures that wan1 remains the preferred path for traffic as long as wan1 is available.
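The complete resulting configuration, together with the CLI checks to confirm it, as an added example that is not part of the original article. The gateway addresses (192.0.2.1, 198.51.100.1) and the phase1 name to-branch are placeholders; the wan1 priority of 1 is set explicitly only to make the comparison visible. Lines beginning with # are annotations, not FortiOS CLI input.

```text
# Both default routes share distance 10, so both are installed.
# wan1 keeps priority 1 (preferred); wan2 gets priority 10 (backup).
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set device wan1
        set gateway 192.0.2.1
        set distance 10
        set priority 1
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set device wan2
        set gateway 198.51.100.1
        set distance 10
        set priority 10
    next
end

# Check 1: both 0.0.0.0/0 entries must now appear as installed routes,
# the wan1 entry with priority 1 and the wan2 entry with priority 10.
get router info routing-table all

# Check 2: the database view also lists candidate routes that lost the
# distance comparison. With the original distance-20 wan2 route, this is
# the only place it would have been visible.
get router info routing-table database

# Check 3: the failover tunnel's phase1 must be bound to wan2
# (set interface "wan2"), otherwise the wan2 route does not help it.
show vpn ipsec phase1-interface to-branch

# Check 4: IKE state of the tunnel after the route change.
diagnose vpn ike gateway list name to-branch
```

If the wan2 default route is still missing from `get router info routing-table all` but present in the database output, the two routes do not have an identical distance; fix the distance before adjusting the priority, since priority is never consulted between routes of different distance.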