Hi, community. I have an issue with my failover VPN to Azure.
I have an XG210 v19, connected to 2 ISPs. I have a VPN connection to Azure cloud for SAP services. As recommended by Sophos, I created the VPN as a tunnel interface, with xfrm interfaces. The VPN works OK. I can reach the remote servers.
Here is the problem: as we have 2 ISPs, we want to have a failover connection. So, I created another VPN tunnel interface. Now, the routing: Sophos recommends doing that with SD-WAN routes. But the problem is the configuration that Azure gave us. This is the topology:
Azure gave us the parameters they use to create the tunnel. In the tunnel interface they use the network "169.254.0.1/30", so I have to use .2. In the other tunnel, they use the .2 and I have to use the .1.
This configuration works. But when I want to automate it, it doesn't.
First, I tried to create the SD-WAN. But when I created the gateway, choosing the xfrm interface, I can't do the health check. I can't reach anything. So, when ISP 1 is down, the rule never realizes it.
Then, I tried to route with static routes. I created a primary route through ISP 1, and another with a greater distance through ISP 2. If I manually disable the main tunnel (ISP 1), the routing works OK. But I tried to disconnect ISP 1 (physically disconnecting the cable) and the routing doesn't work.
Does anybody have a similar problem? How can I do SD-WAN routes with this particular configuration? I don't think Azure wants to change their configuration files.