Hi,
I am currently renewing my setup and want to ask if there is any better method available to use IPsec for multiple WAN addresses instead of using netwatch and pinging anything?
I can’t create two policies with the same src & dst, but with different sa src. address.
Make different GRE/IPsec tunnels with the src and dst address, and use some autorouting method to select the working tunnel as the active route (e.g. BGP or OSPF, with BFD when you need quick changeover).
It is the method I use all the time and it works fine for me.
As it works so well, I have not wasted time on finding workarounds to get it working with direct IPsec tunnels…
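
The setup described in the reply above, as an added example that is not part of the original posts: one GRE/IPsec tunnel per WAN address, with OSPF and BFD choosing the active path. It assumes RouterOS v6 syntax (the thread only mentions netwatch) and a single remote peer address; every address, interface name, table name and secret below is a constructed placeholder.

```routeros
# Added example, RouterOS v6 syntax. All values are constructed placeholders:
# WAN1 = 198.51.100.2 (gateway 198.51.100.1), WAN2 = 192.0.2.2 (gateway 192.0.2.1),
# remote peer = 203.0.113.10, local LAN = 192.168.10.0/24.

# One GRE tunnel per WAN address. ipsec-secret makes RouterOS create the
# IPsec peer and policy dynamically for each local/remote endpoint pair.
/interface gre
add name=gre-wan1 local-address=198.51.100.2 remote-address=203.0.113.10 \
    ipsec-secret="PLACEHOLDER-PSK-1" allow-fast-path=no
add name=gre-wan2 local-address=192.0.2.2 remote-address=203.0.113.10 \
    ipsec-secret="PLACEHOLDER-PSK-2" allow-fast-path=no

# Transfer networks inside the tunnels (the remote side uses .2 of each /30).
/ip address
add address=10.255.1.1/30 interface=gre-wan1
add address=10.255.2.1/30 interface=gre-wan2

# Outer (encrypted) packets of each tunnel must leave through their own WAN.
# Source-based route rules are one way to pin them.
/ip route
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=via-wan1
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via-wan2
/ip route rule
add src-address=198.51.100.2/32 action=lookup table=via-wan1
add src-address=192.0.2.2/32 action=lookup table=via-wan2

# OSPF runs only on the tunnels and the LAN, never on the WAN interfaces.
# Lower cost = preferred tunnel; BFD tears the adjacency down quickly when
# a tunnel stops passing traffic, so the route moves to the other tunnel.
/routing ospf interface
add interface=gre-wan1 network-type=point-to-point cost=10 use-bfd=yes
add interface=gre-wan2 network-type=point-to-point cost=20 use-bfd=yes
/routing ospf network
add network=10.255.1.0/30 area=backbone
add network=10.255.2.0/30 area=backbone
add network=192.168.10.0/24 area=backbone

# Checks after both sides are configured:
#   /ip ipsec policy print        (one dynamic policy per tunnel)
#   /ip ipsec installed-sa print  (SAs present for both WAN addresses)
#   /routing ospf neighbor print  (two neighbors in state Full)
```

The remote router needs the mirror-image configuration, with one GRE interface per local WAN address and matching secrets.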