Hello,
I read a lot about redundancy for Site-to-Site VPN but I found no topic which matches my case, so I hope someone can help.
My UTM has one uplink interface and there is an IPsec tunnel to the remote site, which has two WAN interfaces. We have the problem that the VPN tunnel sometimes fails because of routing errors in the WAN infrastructure; then we change the interface/gateway on both sites to the second interface of the remote site and everything works (these are two different providers and it's a known problem).
Now we want to have an automatic failover for that case. The VPN tunnel should be established between my site and the primary WAN interface of the other site, and if it fails it should fail over to the secondary WAN interface automatically. How can I achieve this?
My idea:
Local Site A:
Local Interface -> A-WAN1
Remote Gateway -> Availability Group (B-WAN1, B-WAN2)
Remote Site B:
Local Interface -> Interface Group (B-WAN1, B-WAN2)
Remote Gateway -> A-WAN1
How does the UTM recognize that it has to fail over to the second interface in an interface group? Both interfaces have an internet uplink all the time and only the VPN connection fails on the first interface because of the mentioned routing issues.
Thanks!