XG to XG IPSEC VPN setup with dual WAN at each site

Good afternoon,

I have two XG firewalls. Each FW has 2 WAN connections. My goal is to set up an IPSEC VPN between the two sites, using the 2 different WAN links.

I can do this pretty easily using a VPN failover group, but turning on VPN Failover disables dead peer detection. VPN failover only works if a gateway goes down; it won't notice if a tunnel is down.

Is there a way to set up the VPNs between the 2 sites that will work with DPD? Since the two VPNs use different gateways, I can actually bring them both online at the same time, but I can only imagine what a mess it would make with traffic routing if both VPNs were up at the same time.


  • So SD-WAN policy routing in v18 supports RED tunnels? Seems like it might be easier to maintain control than with route-based VPN. I looked at your reference article, but I don't see how that applies to multiple IPSEC tunnels to/from the same locations. Would it just be multiple tunnels with multiple routing options? Hopefully if a tunnel was down it would remove/skip that policy route in favor of a route that was up and passing traffic.

