Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Brent_B
New Contributor

Dual ISP redundancy with Cisco IPSEC tunnels

Hello all,

New Fortigate user here. Today I have a remote location that is using the FortiGate 40F and a custom Cisco site-to-site IPSEC tunnel back to a Cisco ASA. This connection is a link from my ISP straight to the FortiGate with a static address. We are wanting to add a secondary link as backup for this primary link. Due to wanting diversity this second link is with a Cradlepoint device from a different ISP using a cellular link. From a question standpoint I am not sure where to start. The first thing that I see that I need is to figure out how to setup redundancy. I am suspecting that I will also be configuring a second Custom Cisco site-to-site IPSEC tunnel since this will be from a different source address.  This second tunnel will then come into play when in failover mode. A lot of the documentation I am finding for redundant tunnels are Fortigate to Fortigate. Guidance or suggestions on finding a solution are most welcome.

Thanks in advance ...
Thanks in advance ...
1 REPLY 1
vdralio
Staff
Staff

Dear @Brent_B ,

 

The easiest way to create redundancy for the S2S VPN is by following the article below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPsec-VPN-Site-to-Site-tunnel-monitor/ta-p...

 

Best Regards,

Vasil Dralio

Labels
Top Kudoed Authors