How can I get dual ISP with DUAL IPSEC Tunnel to work with static routes and no tunnel monitor? I want the IPSEC tunnel to only fail over when the primary circuit goes down. The problem I am having is that the static route metrics are not taking over when the primary ISP and primary IPSEC tunnel go down. The metric is 10 for the primary tunnel and 20 for the backup tunnel.
My recollection is that you really have to use VPN monitor in this scenario because without it the tunnel interface does not go down and therefore your primary route is never removed from the routing table.
I have always looked at the type of site it is, i.e. if it's a stub then I used Policy Based Forwarding (but you need a monitor) and a static route for the secondary. That is, if the primary goes down, the PBF doesn't take effect and so the route takes the static route. You can also possibly accomplish this with dynamic routing such as OSPF on both sides and then weigh the routes accordingly, e.g. higher on the secondary, etc.
Hope that points you in the right direction.