Join our next TECHtalk Episode on September 28th - New Series: USG FLEX Basics 1: "Objects"

Register
English Български Čeština Dansk Deutsch Español Suomi Français Hrvatski Magyar Italiano Nederlands Norsk Polski Română Русский Slovenčina svenska Türkçe

USG/ATP/VPN Series - VPN connection Failover setup Site to Site icon

Avatar
David Mössner
  • Updated
Back to top

The customer has 2 different WAN IPs with two VPN connections at the branch site. One of them is a dynamic IP.

In case the WAN1 connection goes down for any reason the WAN2 interface should be used as Failover to keep the tunnel alive.

How to set up the VPN client connection Failover?

 

1. In the web GUI, go to the Configuration > Network > Interface > Trunk > User configuration > Add screen.
Set WAN2’s mode to Passive.

Screenshot_2021-09-20_123433.png

2.  Enable "Disconnect Connections Before Falling Back".

Screenshot_2021-09-20_123647.png

3. Go to Configuration > VPN > IPSec VPN > VPN Gateway.

Set My Address to "0.0.0.0" (The USG will dial-up with the active WAN interface first).

Since WAN2’s interface IP is dynamic, you can use Dynamic VPN in this case.

Screenshot_2021-09-20_123913.png

Please make sure to use the connectivity check on both sides:
mceclip0.png

 

4. Enter the following command via SSH on the device:

Router(config)# client-side-vpn-failover-fallback activate

Afterwards, the tunnel will fall back to WAN1 automatically once the WAN1 connection has recovered.

Check the options to contact Support
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Related articles

Comments

0 comments

Please sign in to leave a comment.