Multi Wan failover with IPsec tunnel

  • Maybe I am asking for too much here, but is this possible?
    If I have 1 WAN coming to pfSense that is a point-to-point T1 and I have another WAN that is going to an ISP for failover, but the second WAN requires an IPsec tunnel to an ASA 5510 at the main site to communicate, could pfSense do this on one box for a failover?

    MAIN SITE:                                            REMOTE SITE:

    router1 (P2P T1)----------------------------WAN1: (PFSense)-------------Remote Site Lan:
    ASA1 (Ipsec Tunnel)-------------------------WAN2: (PfSense)----Failover--Remote Site Lan:

  • Seeing how no one replied, I am guessing this is a no and cannot be done….

  • I have the same question.  It would be nice to be able to have an IPSec connection become active automatically if one of the WANs goes down.

  • Not possible with IPsec tunnel mode (some people have it there and disabled, and manually go in and enable it as a solution). With OpenVPN, or transport mode IPsec with GRE or gif plus a routing protocol, it is possible (generally; it depends on the routing in your network, and it can get complex, as any dynamic routing can).