double fail-over WAN and VPN
Hello,
We have 2 sites connected with VPN, ATP units on both locations.
Each site has 2 ISP connected for fail over, and fail over configured Trunk - LeastLoad First, Inbound+Outbound. Second ISP in passive.
I would like to have VPN working, no matter which provider fails.
What is the best way to realize that?
I saw this article
How to Use Dual-WAN to Perform Fail-Over on VPN Using the VPN Concentrator – Zyxel Support Campus EMEA
In my case, when only 2 sites, and not 3, do i need to configure a concentrator or is adding Secondary IPs to VPN Gateway setup(on both ends) is enough?
Thank you
We have 2 sites connected with VPN, ATP units on both locations.
Each site has 2 ISP connected for fail over, and fail over configured Trunk - LeastLoad First, Inbound+Outbound. Second ISP in passive.
I would like to have VPN working, no matter which provider fails.
What is the best way to realize that?
I saw this article
How to Use Dual-WAN to Perform Fail-Over on VPN Using the VPN Concentrator – Zyxel Support Campus EMEA
In my case, when only 2 sites, and not 3, do i need to configure a concentrator or is adding Secondary IPs to VPN Gateway setup(on both ends) is enough?
Thank you
0
Best Answers
-
-
Hi @Orad,In this example, only two VPN Gateway are configured on each device:HQ_wan1------BO_wan1HQ_wan2------BO_wan2If you need full redundancy in case HQ_wan1 and BO_wan2 are disconnected at the same time, you need to add extra two VPN Gateways, corresponding VPN tunnels and extra two VTI interfaces.HQ_wan1------BO_wan2HQ_wan2------BO_wan10
Zyxel Employee
All Replies
-
-
thank you @Zyxel_Emily
In handbook they create 2 VTIs, but if i understand correctly, i would need 4 VTIs on each side to get "full" redundancy?0 -
Hi @Orad,In this example, only two VPN Gateway are configured on each device:HQ_wan1------BO_wan1HQ_wan2------BO_wan2If you need full redundancy in case HQ_wan1 and BO_wan2 are disconnected at the same time, you need to add extra two VPN Gateways, corresponding VPN tunnels and extra two VTI interfaces.HQ_wan1------BO_wan2HQ_wan2------BO_wan10
-
@Zyxel_Emily
also, we tested it today and it does work, but time it takes to reconnect VPN is a bit longer than we expected. Which settings should i play with to control it?
it took about a 4-5 minutes before tunnel connected.
In trunk i have it set to Least Load First/Outbound. Should i change it to Spillover?0 -
0
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 383 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
