How do I set the VPN client connection failover?
The customer has 2 WAN IPs with two VPN connections at the branch site. One of them is a dynamic IP. The VPN connection must failover to WAN2 once the WAN1 connection is down.
Answer
Step1: In the web GUI, go to the Configuration > Network > Interface > Trunk > User configuration > Add screen. Set WAN2’s mode to Passive.
|
Step2. Enable Disconnect Connections Before Falling Back. |
Step3: Go to Configuration > VPN > IPSec VPN > VPN Gateway.
Set My Address to "0.0.0.0" (The USG will dial-up with the active WAN interface first).
Since WAN2’s interface IP is dynamic, you can use Dynamic VPN in this case.
Step4:
Please use the command line "Router(config)# client-side-vpn-failover-fallback activate"
The tunnel will fall back to WAN1 automatically once the WAN1 connection has recovered.
KB-00146
Comments
0 comments
Please sign in to leave a comment.