The customer has 2 different WAN IPs with two VPN connections at the branch site. One of them is a dynamic IP.
If the WAN1 connection goes down for any reason, the WAN2 interface should be used as failover to keep the tunnel alive.
How to set up the VPN client connection Failover?
1. In the web GUI, go to the Configuration > Network > Interface > Trunk > User configuration > Add screen.
Set WAN2’s mode to Passive.
2. Enable "Disconnect Connections Before Falling Back".
3. Go to Configuration > VPN > IPSec VPN > VPN Gateway.
Set My Address to "0.0.0.0" (the USG will dial up with the active WAN interface first).
Since WAN2’s interface IP is dynamic, you can use Dynamic VPN in this case.
Please make sure to use the connectivity check on both sides.
4. Enter the following command via SSH on the device:
Router(config)# client-side-vpn-failover-fallback activate
Afterwards, the tunnel will fall back to WAN1 automatically once the WAN1 connection has recovered.