Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC Secondary Gateway

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Rich
      last edited by

      Has anyone thought about having a secondary IPSEC gateway similar to the way Sonicwall does it. If it doesn't get a response from the primary IPSEC gateway, it initiates the tunnel using a secondary IPSEC gateway. When that SA expires, it tries to initiate the tunnel using the primary IPSEC gateway. That way it doesn't have to keep checking to see if the primary came back up. The only real drawback is that it runs on the secondary IP longer than it actually needs to. We currently have a bunch of TZ-170's for our branch offices and a 4060 at the NOC with this ability. It would be much nicer to be able to put some WRAP's or Soekris 5501's with pfSense at the branches if they had this ability. I understand that it may take a bounty to get this done.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.