I'm trying to create a remote access solution in the event of a very specific failure case and could use the advice of some more experienced users.
# Scenario
WAN 1 is on a Data Centre backbone, Public IPs (e.g. /24) with a common gateway.
WAN 2 is a direct connection to a different service provider (cable or DSL).
If the Gateway for WAN 1 fails, we won't be able to VPN into WAN1.
If we use WAN2, WAN 1 will technically still be up (*) and the return packets will route back across the default route of WAN 1 and not make it back to us.

(*) The normal failover doesn't work here since WAN 1 will still be up, nor is it desirable to take that interface down as we still want to be able to reach the Public IPs beyond.

There is an acceptable solution to this issue documented in the knowledge base here.

```
             INTERNET
             /      \
          WAN1      WAN2
             \      /
           ASG Appliance
             |      |
Internal (network)  Internal2 (network)
```

Create a separate subnet with a default gateway of WAN2. I can then successfully route between two internal nets and hop across to investigate WAN1 and its subnet.
# Question
The place I'm getting stuck in this is how to define multiple IP pools for SSL VPNs in order to allow the above scenario to function. This is in the context of establishing a VPN to WAN2 and having the data go back via WAN2.
I cannot find an obvious answer to this question.
# Notes
I understand this will require two VPN logins to distinguish between connecting to WAN1 vs WAN2. This is fine.