Hi,
I had configured two VPNs/site between HQ and sites (hub/spoke) for resilience. One of the two VPNs is a dialup over 4G and the other is an IPsec site-to-site over radio links (Fluidmesh). No load balancing or SD-WAN in this architecture.
So my problem is when the spoke changes its public IP (VPN dialup over 4G), it creates a new phase 1/phase 2 on the hub, but the old phase 1/phase 2 is still stuck on the hub, so I get 2 dialup connections over the same VPN, and this is causing disconnections in communication between the 2 sites.
If I am not mistaken once the dialed up VPN dials up it should show as a Connected route and that is why since it is dynamic. I could be wrong. I would need to lab that out. I see this is your just putting the dial up VPN on the FGT vs individual machines https://omegle.onl/ .
Hello @adbgz ,
Did you configure DPD (dead peer detection) on your IPsec configuration? DPD will detect peer status and change tunnel status to down for the old tunnel.
hi ozkanaltas,
I disabled it because I need the tunnel to stay up even if there is no traffic: the equipment on the remote site only responds to commands launched from the HQ, so most of the time there is no traffic in the tunnel, and I think if I applied DPD it would put the tunnel (the good one) down.
Hi @adbgz ,
I think you can use DPD with on-demand mode. This mode is triggered if one peer sends a packet and the remote side does not respond to this packet; DPD then removes the tunnel.
You can read this article about dpd on dial-up tunnels.
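A simplified model of the on-demand behaviour described in the reply above, added here as an illustration; it is not FortiOS code and not part of the thread. The tunnel names, the retry count of 3 and the assumption that HQ traffic is attempted over every tunnel still up are made up for the example.

```python
from dataclasses import dataclass

@dataclass
class Tunnel:
    name: str
    peer_answers: bool   # does the far end still reply on this tunnel?
    unanswered: int = 0  # intervals with traffic sent and no reply
    up: bool = True

def dpd_on_demand(tunnel, traffic_sent, retry_count):
    """Advance one DPD interval for one tunnel and return what happened."""
    if not tunnel.up:
        return "down"
    if not traffic_sent:
        return "idle: no probe"          # nothing sent, so nothing is checked
    if tunnel.peer_answers:
        tunnel.unanswered = 0
        return "reply seen"
    tunnel.unanswered += 1               # sent, no reply: probe goes unanswered
    if tunnel.unanswered >= retry_count:
        tunnel.up = False
        return "tunnel removed"
    return "probe unanswered"

def simulate(hq_sends, retry_count=3):
    """hq_sends: one bool per interval, True when HQ issues a command.
    Assumption: the command is attempted over every tunnel still up."""
    tunnels = [
        Tunnel("old phase 1 (previous 4G address)", peer_answers=False),
        Tunnel("new phase 1 (current 4G address)", peer_answers=True),
    ]
    log = []
    for step, sending in enumerate(hq_sends):
        for t in tunnels:
            log.append((step, t.name, dpd_on_demand(t, sending, retry_count)))
    return {t.name: t.up for t in tunnels}, log

if __name__ == "__main__":
    # Constructed traffic patterns: fully idle, then occasional HQ commands.
    for pattern in ([False] * 6, [True, False, True, True]):
        state, _ = simulate(pattern)
        print(pattern, state)
```

In this model an idle link is never probed, so only a tunnel that receives traffic and stays silent is removed.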
Created on 03-28-2024 07:59 AM Edited on 03-28-2024 08:08 AM
I think I'm going too fast; both tunnels are falling down when I applied DPD. That's what I was afraid of.
Copyright 2024 Fortinet, Inc. All Rights Reserved.