Hi,
we would like to connect 2 sites over IPsec. Each site has 2 ISP to achieve failover solution. The configuration looks like this:
Site A: 2x ASG120, 2 ISP, HA, load-balancing, 2 VPN to Site B, uplink monitoring on
Site B: 1 Cisco 1812, 2 ISP (2. ISP only for failover), 2 VPN to Site A
On Cisco (Site B), both VPN tunnels are shown as connected. On Cisco we use SLA objects (ping) to switch the route to Site A over ISP 2 to ISP 2, if ISP 1 on Site A or ISP 1 on Site B is not working.
On Astaro (Site A) we see one VPN tunnel as fully connected (2 green lights) and 1 VPN tunnel with the information "route is already in use ..." (one green and one red light). Ping from inside Site A to inside Site B is working.
Problem 1: If the ISP on Site B, over which the VPN is fully connected, goes down, then Cisco switches the route to the other ISP. Unfortunately, Astaro is not doing the same. How can we achieve this?
Problem 2: if ISP 1 on Site A, over which the VPN is fully connected, goes down, then Cisco and Astaro switch to the other VPN which runs over ISP 2. As soon, as ISP 1 comes up again, Cisco switches the route back (that's how we would like to have it) to ISP 1 and it's VPN, but Astaro keeps going on routing over ISP 2. How can we tell Astaro to have a primary route over ISP 1?
Best regards
Urs
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
