Hi all,
I would like to know whether it is possible to keep IPsec VPN tunnels up when they are linked to the backup interface (WAN2) and backup ISP.
I have an FGT60E with WAN1 (ISP 1) and WAN2 (ISP 2, backup). An IPsec tunnel to another FGT is connected on WAN1, and a different IPsec tunnel (needed as backup) to a different location is connected on WAN2.
In Static Routes, WAN1 has a lower distance (8) than WAN2 (10), and the tunnels linked to WAN2 are down. Is it possible to make them always up? Of course, the WAN2 interface is up.
I have enabled Auto-negotiate and Autokey Keep Alive.
When WAN1 goes down and WAN2 starts to pass traffic, the tunnels come up and send data with no problem.
Hi pieciaq,
If WAN2 route has worse admin distance, its route will not be active => IPsec tunnel on WAN2 will not have a route to the peer => tunnel will stay down.
You need the admin distances to be equal so that both routes are available. (but set WAN1's priority to a better value so that the primary WAN1 is used for all outgoing internet traffic, unless overridden by policy routes or SD-WAN rules)
Copyright 2024 Fortinet, Inc. All Rights Reserved.