The customer has 2 WAN IPs with two VPN connections at the branch site. One of them is a dynamic IP. The VPN connection must fail over to WAN2 when the WAN1 connection goes down.
How do you set up VPN client connection failover?
1. In the web GUI, go to the Configuration > Network > Interface > Trunk > User configuration > Add screen.
Set WAN2’s mode to Passive.
2. Enable "Disconnect Connections Before Falling Back".
3. Go to Configuration > VPN > IPSec VPN > VPN Gateway.
Set My Address to "0.0.0.0" (the USG will dial up using the active WAN interface first).
Since WAN2’s interface IP is dynamic, you can use Dynamic VPN in this case.
4. Enter the following command via SSH on the device:
Router(config)# client-side-vpn-failover-fallback activate
Afterwards, the tunnel will fall back to WAN1 automatically once the WAN1 connection has recovered.