Hello,
We have two Sites with an Internet Connection and a WAN connection each one. Right now, we have there two Cisco ASA FW routing the internal network traffic through the WAN link, and, in case of a WAN failure, a "track" detects that failure, turns off the static route, and the traffic goes to the other site through a S2S IPSec tunnel permanently established.
Now we want to replace the main office ASA with a Sophos UTM 220, and we have a lab testing this scenario. I have attached a diagram describing this lab.
We have configured the tunnel and it works fine. We also have configured Uplink balancing using WAN (Internal interface) and External (Internet interface) with Multipath Rules to route traffic to the branch office through the Internal interface (WAN), and Uplink Monitoring to detect WAN failure with an action to enable the S2S tunnel in case of failure.
The uplink monitoring detects when the WAN is OFFLINE, but the configured action does not enable the tunnel. If I manually enable the S2S IPSec tunnel then the traffic goes through the tunnel as it should.
Could you please tell me what I'm doing wrong.
Thank you very much.
Regards.
This thread was automatically locked due to age.
