IPsec Tunnel (Primary-Secondary)

irfanpgill · November 16, 2022, 10:14pm

Hello,
We have 2 sites that have ipsec between them, a primary tunnel and secondary.
How can i prioritize the connection to HQ where the primary connection is always the priority and then it fails over to secondary.

HQ has 2 WAN connections.
Remote side has 1 WAN connection…

Screenshot 2022-11-16 203608
thanks.

lagapidis · November 19, 2022, 6:52am

Hello Irfan

If these two IPSec tunnels terminate on different IP addresses on the HQ side, then it is possible to use routing to direct traffic over one tunnel and, if that fails, to redirect traffic over the other. This can be done in several ways.

By using a routing protocol such as EIGRP, or OSPF and adjusting the cost of each tunnel so that one is chosen over the other.
By using a floating static route with a different administrative distance
By using policy based routing
By using an IP SLA to configure reliable static routing

Take a look at these options and see what matches up best with your particular situation. If you have any further questions, you know where to find us!

I hope this has been helpful!

Laz