USG 110 - VPN Site to Site with Dual Wan issue

Paul_FR · December 2020

Hi everybody,

I am working on install a VPN site to site with routeur USG Series.

The HQ has a USG110 with dual WAN, and the Branch has a USG40.

Firmware :

USG110 - V4.39(AAPH.0)

USG40 - V4.39(AALA.0)

Image: https://us.v-cdn.net/6029482/uploads/editor/q6/bc6saleu3ky8.png

Here are the settings for the VPN Ipsec :
HQ :
VPN Gateway :

Image: https://us.v-cdn.net/6029482/uploads/editor/nt/os4it3g9jn56.png

VPN Connection

Image: https://us.v-cdn.net/6029482/uploads/editor/xt/d6h2th21zkmx.png

Branch :
VPN Gateway :

Image: https://us.v-cdn.net/6029482/uploads/editor/c1/p9ky809i699h.png

VPN Connection :

My issue is that the VPN mount on WAN1, but if WAN1 fail it doesn't mount on WAN2.

Here are the logs from the USG40.
VPN - BRANCH to WAN1 HQ :

Image: https://us.v-cdn.net/6029482/uploads/editor/az/m2iavlgg5v7g.png

VPN - BRANCH to WAN2 HQ :

If i change the VPN Gateway on the HQ's USG110 :

Image: https://us.v-cdn.net/6029482/uploads/editor/e5/0hhach284awb.png

The VPN mount well.

Could someone tell me why the VPN doesn't mount on WAN2 in case of failure of WAN1?
Did i do something wrong in my settings?

Zyxel_Stanley · December 2020

Hi @Paul_FR

You can try to configure My Address as 0.0.0.0 in VPN Gateway.

It means all of interfaces could be VPN Gateway, but not only specific one.

Then branch should able to establish VPN tunnel when HQ WAN1 is dead.

Zyxel_Stanley · December 2020

Hi @Paul_FR

You can try to configure My Address as 0.0.0.0 in VPN Gateway.

It means all of interfaces could be VPN Gateway, but not only specific one.

Then branch should able to establish VPN tunnel when HQ WAN1 is dead.

Paul_FR · December 2020

Hi @Zyxel_Stanley,

Thank you that work!

USG 110 - VPN Site to Site with Dual Wan issue

Accepted Solution

All Replies

Categories

Security Highlight

Security Help Center