Created on 09-15-2023 12:27 AM Edited on 09-15-2023 12:28 AM By Jean-Philippe_P
Description
This article describes the process of configuring an IPsec VPN as a failover route to maintain uninterrupted internet access in the event of a primary ISP connection failure.
The scenario involves two sites, Site1 and Site2, where the primary objective is to establish an IPsec VPN tunnel through Site2 to ensure continuous connectivity for critical operations, even during network interruptions.
Scope
Imagine a scenario where there are two sites, Site1 and Site2. To ensure continuous internet access at Site1, the goal is to establish an IPsec VPN tunnel as a failover route through Site2 in case Site1's primary ISP link goes down. This configuration helps maintain seamless connectivity even in the face of network interruptions.
Solution
Step 1: Configure a Dummy Network Between the Peers (Performed on Both Sites). Begin by creating a dummy network between Site1 and Site2. This is a fundamental step for routing internet traffic through the IPsec tunnel.
On Site1:
On Site2: Perform the same steps as on Site1, but assign the IP address 10.0.0.2/32.
Step 2: Adjust IPsec Configuration (Perform on Both Sites). Update the IPsec Phase 2 selectors to permit all traffic through the IPsec tunnel. Modify the Local and Remote Addresses to 0.0.0.0/0.0.0.0.
Step 3: Configure SD-WAN (Perform on Site1).
Step 4: Create 2 SD-WAN Rules (Perform on Site1). Establish two SD-WAN rules to effectively manage traffic.
Rule 1 - IPsec Traffic: This rule directs IPsec traffic appropriately.
Rule 2 - Default Traffic: This rule manages all other traffic.
Step 5: Set Up Performance SLAs to Enable Traffic Failover.
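A CLI sketch of Steps 1 and 3 to 5 on Site1, added here as an illustration and not taken from the article or from Fortinet's own configuration (FortiOS 7.x syntax assumed). The names to-Site2, wan1 and Internet_SLA, the address 10.0.0.1, the probe server and the thresholds are assumptions; Rule 1 is left out because the page does not give its match criteria.

```fortios
# Added example: to-Site2, wan1, Internet_SLA, 10.0.0.1, the probe server and thresholds are assumed
# Step 1: dummy /32 network on the tunnel interface (Site2 mirrors this with 10.0.0.2/32)
config system interface
    edit "to-Site2"
        set ip 10.0.0.1 255.255.255.255
        set remote-ip 10.0.0.2 255.255.255.255
    next
end
config system sdwan
    set status enable
    # Step 3: the primary ISP link and the IPsec tunnel become SD-WAN members
    config members
        edit 1
            set interface "wan1"
        next
        edit 2
            set interface "to-Site2"
        next
    end
    # Step 5: performance SLA probing both members (placeholder probe server)
    config health-check
        edit "Internet_SLA"
            set server "198.51.100.53"
            set members 1 2
            config sla
                edit 1
                    set link-cost-factor packet-loss
                    set packetloss-threshold 5
                next
            end
        next
    end
    # Step 4, Rule 2 (default traffic): member 1 first, member 2 when member 1 fails the SLA
    config service
        edit 2
            set name "Default-Traffic"
            set mode sla
            set src "all"
            set dst "all"
            config sla
                edit "Internet_SLA"
                    set id 1
                next
            end
            set priority-members 1 2
        next
    end
end
```

With the Phase 2 selectors from Step 2 set to 0.0.0.0/0.0.0.0, the tunnel itself no longer limits what it carries, so the firewall policies on both units are what restrict traffic through it.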