
Site 2 Site IPSec VPN via direct Link (no WAN)

Hi Guys,

I have a special configuration request.

We have two sites, each with a UTM, and a more or less direct connection between them over two links (Cat7 and fibre optics).

The sites are not really close, so I need to configure a VPN on those links to prevent a man-in-the-middle possibility.


This is my current Setup:

Site A

-- eth2: 10.10.10.1

-- eth3: 10.10.20.1


Site B

-- eth2: 10.10.10.2

-- eth3: 10.10.20.2


IPsec VPNs between Site A eth2 and Site B eth2, as well as between Site A eth3 and Site B eth3, are working...

But now I want to set up a multipath or failover configuration with the eth2 connection as primary and the eth3 connection as secondary, and this is where I'm stuck.


Does anybody have an idea?

Thanks in advance.



  • Hi Dirk, thanks for the reply.

    LACP would be a good idea, but it's possible that there will be some changes in the future which will break the LACP option (a transit router network in between).


    I did some tests with Availability and Interface Groups on my IPsec VPN.

    The Availability Group switches perfectly fine to the other gateway defined as primary, but the interface will not switch...

    If primary is up, it's as follows:

    Internal-Network --> eth2 -------------- eth2 --> Remote-Network  - everything works fine

    If primary is down it's like this:

    Internal-Network --> eth2 -------------- eth3 --> Remote-Network  - VPN doesn't start (of course)


    I tried to bind the remote gateway host definitions to the respective interfaces.

    I tried static routes and Uplink Balancing in different ways.

    It's like standing in the woods and not seeing any trees...

  • I admit I don't see the picture of where you want to go, Thorsten, but it seems like you're over-complicating this.

    "The Availability Group switches perfectly fine to the other gateway defined as primary, but the interface will not switch..."

    Please show pictures of the Edits of the configuration on both sides: IPsec Connection and Remote Gateway, Interface Group and Availability Group.

    Are the direct connections eth2 and eth3 or are they in addition to these two connections?  If in addition, would you want the ISP connection in each site to be the third choice for the VPN connection?

    Do you want the VPN connection(s) between the sites to provide backup Internet connection if one site's ISP goes down?

    Like I said, I can't see where you are or where you want to go.  How about a simple stick diagram of now and one of after?

    Cheers - Bob