
Redundant IPSEC Tunnel

Hi,

On the peer side there are two public IPs fed as primary and secondary for a site-to-site IPSEC tunnel. On my side, how do I achieve this while having only one public interface to which these two remote peers are bound?

1. Creating two different tunnels for the respective remote peer IPs in policy mode? Will this work? If the primary remote fails, it will switch to the secondary IP. But once the primary is back again, will it be able to come back to the primary? Or, if both remote IPs are up, will there be two tunnels up at a time, or is there any failover-type setting on my side too?

2. Interface mode VPN? Do let me know if going with interface mode. What would the configuration be? It looks as if I need to have the monitor-phase1 command. How would the routing work? Do I need to configure a secondary IP somewhere? What IP would that be?

Can somebody suggest a link or example for the same?

Reg, Sushil

It's easier using route mode VPN; you'll only need two static routes with different metrics to solve your scenario. There are examples within the VPN guide, at

regards / Abel
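
The route-mode layout described in the reply above, as an added FortiOS CLI sketch that is not part of the original thread or the vendor guide. The interface name `wan1`, the tunnel names, all addresses (documentation ranges), the subnets, and the use of the static route `distance` as the "metric" are assumptions for illustration.

```fortios
# Two interface-mode tunnels on the same local interface, one per remote peer IP.
config vpn ipsec phase1-interface
    edit "peer-pri"
        set interface "wan1"
        set remote-gw 198.51.100.10
        set psksecret <PSK-PLACEHOLDER>
        # Dead peer detection lets the tunnel interface go down when the peer
        # stops answering; option names differ between FortiOS releases.
        set dpd on-idle
    next
    edit "peer-sec"
        set interface "wan1"
        set remote-gw 198.51.100.20
        set psksecret <PSK-PLACEHOLDER>
        set dpd on-idle
    next
end

config vpn ipsec phase2-interface
    edit "peer-pri-p2"
        set phase1name "peer-pri"
        set src-subnet 10.1.0.0 255.255.0.0
        set dst-subnet 10.2.0.0 255.255.0.0
    next
    edit "peer-sec-p2"
        set phase1name "peer-sec"
        set src-subnet 10.1.0.0 255.255.0.0
        set dst-subnet 10.2.0.0 255.255.0.0
    next
end

# Same destination over both tunnels. The lower distance wins while
# "peer-pri" is up; when that tunnel drops, its route is withdrawn and
# traffic follows "peer-sec". Once "peer-pri" returns, it is preferred again.
config router static
    edit 1
        set dst 10.2.0.0 255.255.0.0
        set device "peer-pri"
        set distance 10
    next
    edit 2
        set dst 10.2.0.0 255.255.0.0
        set device "peer-sec"
        set distance 20
    next
end
```

Firewall policies are still needed between the internal interface and each tunnel interface, with the same rule set on both so that a failover does not change what traffic is allowed.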

Thanks Abel. Gone through that already and built the tunnel in redundant mode. Many thanks for your input. Reg, Sushil