IPSEC Secondary Gateway

  • Has anyone thought about having a secondary IPSEC gateway similar to the way Sonicwall does it? If it doesn't get a response from the primary IPSEC gateway, it initiates the tunnel using a secondary IPSEC gateway. When that SA expires, it tries to initiate the tunnel using the primary IPSEC gateway. That way it doesn't have to keep checking to see if the primary came back up. The only real drawback is that it runs on the secondary IP longer than it actually needs to. We currently have a bunch of TZ-170s for our branch offices and a 4060 at the NOC with this ability. It would be much nicer to be able to put some WRAPs or Soekris 5501s with pfSense at the branches if they had this ability. I understand that it may take a bounty to get this done.
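The failover rule described in the post, as an added simulation that is not pfSense or SonicWall code: peer choice is re-evaluated only when an SA expires, which is what makes the "runs on the secondary longer than needed" drawback measurable. The gateway names, the 300-second SA lifetime and the outage window are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class GatewayFailover:
    """Try the primary at every SA (re)negotiation; fall back to the
    secondary only when the primary does not answer; keep that peer
    until the SA expires (no background probing of the primary)."""
    primary: str
    secondary: str
    sa_lifetime: int                      # seconds before the SA is renegotiated
    history: List[Tuple[int, str]] = field(default_factory=list)

    def negotiate(self, now: int, primary_answers: bool) -> Tuple[str, int]:
        peer = self.primary if primary_answers else self.secondary
        self.history.append((now, peer))
        return peer, now + self.sa_lifetime   # (peer, time this SA expires)


def simulate(policy: GatewayFailover, primary_up: Callable[[int], bool],
             horizon: int) -> List[Tuple[int, str]]:
    """Drive negotiations until `horizon`; the primary is only retried
    at SA expiry, exactly as the post describes."""
    now = 0
    while now < horizon:
        _, now = policy.negotiate(now, primary_up(now))
    return policy.history


def secondary_overrun(policy: GatewayFailover,
                      primary_up: Callable[[int], bool]) -> int:
    """Seconds spent on the secondary while the primary was already back:
    the cost of not probing the primary between SA lifetimes."""
    wasted = 0
    for start, peer in policy.history:
        if peer == policy.secondary:
            wasted += sum(1 for t in range(start, start + policy.sa_lifetime)
                          if primary_up(t))
    return wasted


# Constructed scenario: primary unreachable from t=100s to t=400s.
def primary_reachable(t: int) -> bool:
    return not (100 <= t < 400)


POLICY = GatewayFailover("primary-gw", "secondary-gw", sa_lifetime=300)
HISTORY = simulate(POLICY, primary_reachable, horizon=1000)
OVERRUN = secondary_overrun(POLICY, primary_reachable)   # 200 seconds

if __name__ == "__main__":
    for start, peer in HISTORY:
        print(f"t={start:4d}s  SA negotiated with {peer}")
    print(f"seconds on secondary after primary recovered: {OVERRUN}")
```

Shortening the SA lifetime bounds the overrun but costs more rekeys, which is the trade-off a pfSense implementation of this feature would have to expose.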

