Hello community,
I would like to ask for clarification about the implementation of an IPsec peer with an FQDN.
In our environment we have a few hundred spokes of multiple brands (majority Cisco ASA, MikroTiks and Fortigates) and we are using a CNAME (2 hubs) as the peer FQDN to achieve load-balancing and failover.
Currently with MikroTik we are failing to achieve failover on version 6.48, the same as on version 7.x.
If we test by killing one of the hubs, in MikroTik the peer will just time out; phase 1 disappears after about 1-2 minutes, but nothing more happens.
The only solution is to manually disable the peer and enable it again; then it seems that it tries to resolve/connect to both resolved IPs again and reaches the peer which is alive.
This doesn't look like the desired functionality, or am I missing something?
Thanks
David