A customer of mine has got two separate internet connections for redundancy, both fiber (one 50mbit, one 10mbit). We've placed two 100D's for routing and they now want redundancy on the IPSec VPN tunnel that goes to our datacenter (which also has two 100D's).
The internet redundancy itself is configured with two static routes for 0.0.0.0/0 to the gateway of the provider, with a lower priority for the 50mbit line; this works as is.
I thought to do the same with the IPSec tunnels, so I created two tunnels, one for each provider. Below are the details:
This seems to be OK, but a Phase 2 is never initialized. Instead it just shows the first error message again (and then the second and so on).
As soon as I bring the Tele2 interface back up, the IPSec tunnel for the Tele2 line comes online and everything is working again.
I’ve also tried connecting both of the IPSec tunnels to the same remote GW; this didn’t work either. Both of the IPSec Remote GW IP addresses are on the WAN interface of my firewall in the datacenter.
How can I fix this issue? What is the correct configuration for such a setup?