Failover IPSec with two ISP

sbyoon

Dear Pfsense members,

Thank you for all your effort to create pfsense.
I'd like to make failover IPSec with two ISP. When one of the IPS's disconnet I'd like use the IPSec tunnel on another IPS from LAN.

LAN
        |
  PFSENSE
WAN    OPT1
|              |
ISP1      ISP2
|            |
INTERNET
      |
    ISP3
        |
  PFSENSE (awaiting mobile clients IPSEC)

Above method is best because I make it only with one pfsense at LAN but I don't thik it will be possible because as I know IPSec tunnelling can be made only at WAN interface. If it is impossible, then can it be possible with two pfsense?

LAN
            |
    –--------------------- 
    |                      |
PFSENSE          PFSENSE
WAN  OPT1    OPT1  WAN
  |        +----------+      |
  |                              |
  ISP1                        ISP2
      |                            |
              INTERNET
                  |
                ISP3
                  |
              PFSENSE (awaiting mobile clients IPSEC)

I will use tunnel on ISP1 and when ISP1 disconnet I'd like use the tunnel on ISP2 automatically without faill. I think it can be possible with Carp or failover IPSec (I foud it on IPSec configureation page on pfsense) but I don't know how I make it. It will help me if you give me the way in detail. Thank you.

hoba

See http://forum.pfsense.org/index.php?topic=1580.0 for a similiar scenario.