Hi, we have a customer site where we are having trouble getting reliable failover private networking set up via BGP.
Currently the primary link is a private point-to-point wireless link between the primary site and the remote site that hops through a couple of high sites. Sites are terminated via IPsec and use IPsec tunnel mode with BGP to exchange prefixes with each other.
The failover connection effectively receives a CGNAT IP address from the carrier, which then provides internet via a DIA termination. We are trying to build some form of routable tunnel back to this site from our internet circuits.
The only way I've managed to find anything that works at this stage is a manual IPsec connection using NAT-T that needs to be manually toggled to enable some form of failover to gain access to internal resources via compressed/summarized CIDRs. From what I can tell, the policy-based IPsec takes preference over tunnel mode, which is not ideal.
I tried an SSL tunnel and can get BGP running over the tunnel and prefixes exchanged, but no traffic that doesn't match the SSL routed tunnel policy ever makes it to the remote side.
A GRE tunnel is a no-go, as the other end of the connection needs a static public IP address.
I have messed around with the route precedence, but that hasn't really helped much.
Checking if there is any sort of workaround for this?