Thanks for looking in.
I'm trying out a lab setup to replace the current end of lifel solution we have in our production environment.
We have a 1GB fibre link between the HO and BO and they are in the same layer 2 broadcast domain. There is a single DC providing DNS and DHCP at the HO to DHCP clients at BO. I'm unable to change the subnet range at either site.
What I'm trying to achieve is the following:
- Site-to-Site LAN traffic (172.16.1.0/24)
- Primary route via fibre link
- Secondary route via P2 (WAN) IPsec/RED tunnel if fibre link fails
- External traffic
- Primary route via local P2 WAN gateway
- Secondary route via fibre link to remote P2 WAN gateway
My test environment looks like this:
I've had mixed results so far with my tests.
I set up a RED interface and bridged with P1 (LAN) which routed between HO and BO via P4 (configured as WAN) and the external traffic routed out via P2 (WAN) without any trouble, but I've been unable to find how to add a secondary RED tunnel to provide failover. Unlike the diagram example given in KB336999 Deployment Scenarios where "If SFOS_WAN1 is down: RED_WAN1 will connect to SFOS_WAN2" I'm trying to get "If SFOS_WAN1 is down: RED_WAN2 will connect to SFOS_WAN2".
I also tried setting up IPsec Site-to-Site as per Configuring Site-to-Site IPsec NAT and was able to set up a failover group on the BO which worked as far as the tunnel was concerned, but the NAT didn't work for me and I was unable to pass any traffic in either direction.
I'm sure that I'm re-treading old ground for many of you, but my searches have brought up more questions than answers (many of which are many years old) and any pointers would be very helpful.
Thanks again,
Andy
This thread was automatically locked due to age.
