Sorry if this is a bit broad, but just need a nudge in the right direction.
Struggling with how to utilize Metro Ethernet as an SD-WAN path for RO WAN/LAN traffic through HO, and if it is even possible.
Also, similar issue, how to approach using IPsec failover for local LAN traffic in the event Metro Ethernet is down.
Remote Offices XG125/135/210 v18-EAP3.
Port 1 – LAN (local networks) 192.168.n.x/24
Port 2 – WAN (internet and testing IPsec VPN to HO) using local cable modem
Port 4 – LAN (Metro Ethernet handoff) 172.30.255.x
Head Office XG230 v18-EAP3.
Port 1 – LAN (local networks) 192.168.x.x/16
Port 2 – WAN (HO internet, and planned backup internet for ROs)
Port 3 – DMZ
Port 5 – WAN (testing IPsec VPN to ROs)
Port 6 – HA
It will be much easier with EAP3 Refresh1, because the VTI (route-based VPN) is coming.
In this concept, you can actually build an IPsec with an interface and route the traffic with SD-WAN / static routing.
In that case, you do not have to figure out which precedence comes first. Instead, both exist and use the same "page".
Another approach would be: Use RED Site to Site.
Same setup as VTI. You have an interface for the VPN, so you can actually SD-WAN route everything.
Thanks, LuCar. The VTI sounds very interesting, while also circling back for a second look at RED.
I actually had an XG RED connection set up between sites to start some testing, when someone suggested it may not be the best for optimization of resources, so I tore it down. Sorry, I should have paid more attention to their reasoning.