I am having issues getting a VPN failover group to work on my equipment. Both of the VPN IPsec connections connect and work individually, however if I enable the failover group I can see it cycling through the different tunnels one at a time but it never actually connects and stays connected using either of them.
In my central office I have an XG 310, the IPsec connections are set to respond only and the policy's dead peer detection is set to disconnect when the peer is unreachable. My remote office has an XG 105. The 105 has two internet connections and in the WAN link manager they are set up to be active/backup failover with that tested functioning using web browsing. The IPsec connections on the 105 are set to initiate the connection and their dead peer detection is set to re-initiate.
As a side note, my 310 at the central office also has two internet connections that are load balanced that I would like to add in to the VPN mix, however for right now for initial setup to make sure it will all work I am just trying to use the 2 ISPs on the 105 to the one ISP on the 310. Eventually I would like to have all four possible routes functioning.
Does anyone have any experience with the failover group behaving like this, or if there is a better way to configure this type of network on the XG?
This thread was automatically locked due to age.
