I'm going to build an IPSec VPN with remote site (using ASR1001) and trying to find an answer on quite a basic question.
On the local site, we have two XG210. We have two Internet connections. I would like to create a IPSec for each connection. Do we need to have BGP in place to use Failover Group for those two IPSec connections to work as Primary/Backup?
Thank you for contacting the Sophos Community.
No, you don't need to configure BGP for IPsec Failover. SFOS selects the subsequent active connection from the list if the primary connection fails.
Thank you for confirming that.
Have one more question - are both types of VPNs (Routed Based and Policy Based) suitable for Failover Groups, considering there is no BGP?
Will be setting up the VPN in next few days, so hope all will go fine :)