Setting up Site-to-Site VPN with multiple wan IP on both sides

HyungKim0105

I see the primary and secondary Peer Gateway address, which would be for the other site but what if "My address" also has 2 IP's for load balancing/failover?

I think if I was to select wan 1 or wan 2, it would not failover correctly when one of the link is down.

any help would be appreciated.

Thank you.

Zyxel_Melen

Hi @HyungKim0105,

You may consider setting up DDNS for this requirement. In addition, the Nebula firewall supports auto-selecting the VPN outgoing interface.

After setting up, the Nebula control center will provide you with a domain to connect.

HyungKim0105

Thank you for your reply.

If I didnt want to go through the DDNS route, would setting up multiple site-to-site ipsec solve the problem?

example - site 1 has ip 1.1.1.1 and 3.3.3.3. site 2 has ip 2.2.2.2 and 4.4.4.4.

setup site to site 1.1.1.1 to 2.2.2.2 and 4.4.4.4.

also set up 3.3.3.3 to 2.2.2.2 and 4.4.4.4.

would this also work?

Thank you.

Zyxel_Melen

Hi @HyungKim0105,

If you're using the USG FLEX/ATP series, please reference these information:

1. How to build dual WAN site to site VPN tunnel — Zyxel Community
2. USG FLEX/ATP User's Guide P220 How to Configure IPSec VPN Failover

Hope it helps.