01-17-2024 04:57 AM
Has anyone created ISP failover for tunnels to Azure gateway?
We have PA440 devices with two ISPs configured. Local networks are switched with path monitoring if ISP1 goes down.
We want the same for the IPSec tunnel to Azure.
From Azure documentation it seems that BGP failover can be used with different AS, with lower path having higher priority.
Is creating two virtual routers on PA the only way?
01-17-2024 10:47 AM
You don't need to have multiple virtual routers.
Every peer under Peer Groups can have different Peer AS.
01-17-2024 02:16 PM
Hello,
Yes, I have setup Policy Based Forwarding so that I force the traffic down the path I think is primary and if it goes down, It goes to the virtual router route of the other path.
Hope that makes sense.
01-19-2024 03:25 AM
Thank you both for the replies! I will try to go for AS solution to have BGP choose the routing, as we need the routing to work both ways and Azure seems to work that way with lowest AS being the default route. Will report here when I try it out
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
