Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
maschimidt
New Contributor

IP-sec redundancy tunnel

Hello. We have a customer who has two internet links, and he currently has an ipsec vpn tunnel with our company. We have only 1 internet link, is it possible for me to create another tunnel with the same settings as the tunnel in production by changing only the remote gateway in the configuration on my side?

I believe that on his side, you will need to create another route for this second link at a higher cost than the first, right?

Thanks all

2 REPLIES 2
oscar37
New Contributor

Hi maschimidt,

assuming you have site 2 site tunnel,

You can build another tunnel to customers secondary WAN with the same settings and monitor the Primary tunnel from backup tunnel.

 

That way Backup tunnel will only come up when primary goes down .

 

 

Thank You

Oscar

 

 

emnoc
Esteemed Contributor III

FWIW I prefer using a routing protocol and failure between the two VPN would happen automatically with no effort from the fw.admin

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan