Community discussions

MUM Europe 2020
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Wed Nov 25, 2015 9:54 pm

IPSec with multiple WAN Adresses

Mon Sep 30, 2019 2:11 pm

Hi,
i currentley renew my setup and wanna ask if there is any better method available to use ipsec for multiple wan adresses instead using netwatch and ping anything?
I can't create two policies with the same src & dst, but with different sa src. address.

Thanks for help!
 
pe1chl
Forum Guru
Forum Guru
Posts: 5970
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPSec with multiple WAN Adresses

Mon Sep 30, 2019 3:47 pm

Make different GRE/IPsec tunnels with the src and dst address, and use some autorouting method to select the working tunnel as the active route (e.g. BGP or OSPF, with BFD when you need quick changeover).
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Wed Nov 25, 2015 9:54 pm

Re: IPSec with multiple WAN Adresses

Mon Sep 30, 2019 4:14 pm

Thanks for this nice Idea, but this is not supported from the devices on the second side.
Any other solutions?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5970
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPSec with multiple WAN Adresses

Mon Sep 30, 2019 5:47 pm

It is the method I use all the time and it works fine for me.
As it works so good I have not wasted time on finding workarounds to get it working with direct IPsec tunnels...

Who is online

Users browsing this forum: MSN [Bot] and 105 guests