
single SA fails on S2S VPN Tunnel

Hello, 

we have two S2S VPN Tunnels between head Office (2 WAN Interfaces) and branch office (one WAN Interface). 

Tunnels consist of 2 SAs. Subnet A and Subnet B on Head Office are connected to subnet C on branch office.

Multiple times a day one of the two SAs is suddenly down. When I manually reconnect the tunnel, both SAs are established immediately.

I created a failover group consisting of the two tunnels, and want it to switch over if the active tunnel has one or two SAs down.

Now my question: Failover conditions let me configure TCP Port or Ping to be monitored on REMOTE VPN SERVER.

What is meant by REMOTE VPN SERVER?

Is it the public IP of my head office?

Or is it an IP on the head office's subnet? If so, on what subnet (as described above, the tunnel consists of two subnets)?

 

I hope I was able to describe my situation in an understandable way and you are able to help me!

Kind regards,

Philipp



  • Philipp,

    Remote VPN Server is the other end of the VPN tunnel. So, if you have an XG at your head office and another firewall (Firewall A) at the other end, the remote VPN is Firewall A. Make sure that ping from the XG WAN IP, or the TCP connection on the port you choose, is allowed on Firewall A.

    Regards

  • Hello Luk, 

    thank you for your answer! 

    Regarding your info, I realize that a failover group is not the correct tool to solve my problem.

    Can you tell me how to configure an automatic "tunnel restart" when one (or both) of the two SAs is down?