When policy route is used for failover, IP-Sec tunnels die. Why?
Hi,
I am a lucky guy! I have two fiber hookups to the internet. One is 500M/bit, the second 100M/bit. I would like to use the 500 as the main pipe and the 100 as a failover.
Therefore I have created two policy routes where if the 500 (Ge3) fails, the 100 (Ge2) takes over. In theory this works fine as I also changed the trunk to spill-over (user configured). When I activate the policy routes my IP-Sec VPN tunnels die however.
I have been looking if I can find a way to leave the tunnels up and running but cannot find a way.
What can be the problem?
All Replies
Hi @JeroenSoree
Regarding the topology you deployed, our suggestion is that you implement VTI to achieve the purpose.
VTI (VPN Tunnel Interface) is used to configure IPSec-based VPNs between site-to-site devices.
VTI is similar to other physical interfaces, so policy route, static route and trunk can be applied when the tunnel is activated.
Here is the FAQ on how to set up IPSec site-to-site VPN by using VTI on the USG.