IPSEC Failover - how to implement?

zanthos · Jul 14, 2016, 8:01 AM

I'm planning to implement a failover IPSEC tunnel between two sites.

Site A will have to independent static connections to the internet with to ISPs.
Site B will have one static connection to the internet.

Main problem is, if one of the two connections from site A fail, the IPSEC tunnel should switch to ISP B.

How to implement this?
Would openVPN be a better option?

mannyjacobs73 · Jul 20, 2016, 1:57 PM

I believe this can only be done with the help of the ISP, but I am not 100%.

I'd be interested to know if anyone provides some other idea.

dotdash · Jul 20, 2016, 3:43 PM

OpenVPN is a better option for this situation. You could use a dyndns target which would switch between the ISP's at site A.
There is no way to have two targets for the same connection like you can do in some commercial firewalls.

acc4ever · Jul 25, 2016, 8:48 PM

I accomplish what you request, using WAN groups and dyndns..

I attach my configurations, hope this helps you

![Screen Shot 2016-07-25 at 5.43.41 PM.png](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.43.41 PM.png)
![Screen Shot 2016-07-25 at 5.43.41 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.43.41 PM.png_thumb)
![Screen Shot 2016-07-25 at 5.43.50 PM.png](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.43.50 PM.png)
![Screen Shot 2016-07-25 at 5.43.50 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.43.50 PM.png_thumb)
![Screen Shot 2016-07-25 at 5.46.08 PM.png](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.46.08 PM.png)
![Screen Shot 2016-07-25 at 5.46.08 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.46.08 PM.png_thumb)
![Screen Shot 2016-07-25 at 5.47.26 PM.png](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.47.26 PM.png)
![Screen Shot 2016-07-25 at 5.47.26 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-07-25 at 5.47.26 PM.png_thumb)