Failover (Active, Standby) 2 WAN Tunnel IPSEC
cancel
Showing results for 
Search instead for 
Did you mean: 

Failover (Active, Standby) 2 WAN Tunnel IPSEC

L1 Bithead

Hi All Expert,

I have a small question to ask you.
I have plan to use PA for this semester and try to find what PA can do.

I have more than 10 Partners dial Site-to-Site VPN with me.
One of 10 Partners have connection issue with my primary link, so PA will switchover to secondary link to serve VPN to that partner. 
Question:
1. When PA switchover to secondary link. Do partners who have no issue connection will switchover to secondary link as first partner(Partner who has issue on primary link) or not ?

Hope I get this answer ASAP.

Thank you

4 REPLIES 4

L5 Sessionator

No, automatically not.

But with the right configuration on PA (2 IPSECs for each partner and tunnel monitoring, or IPSEC confiuration independent on IP...) and something similar on the other gateway this can be achieved.

 

Hi Sir,

It meant that when all partners have 2 different public IP, we can maintain partners that have no issue connection on primary link and partners who have issue connection to secondary link right ? it is by aumotatically right ? Static route or Dynamic route ?

Best Regards,
Chhayheng

When you setup tunnel monitoring on the VPN, this runs a test on this specific VPN to determine if it is up and running correctly.  When the test monitor fails that VPN alone is shut down.  This will not affect your other partner VPN connections.

 

In other words, the test is not by the gateway address as a whole that all partners are connecting to, but a test of the specific VPN tunnel of each partner individually.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Cyber Elite
Cyber Elite

Hello,

Would you be able to provide a basic diagram? I think this might be possible but would need to see the diagram to find out.

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!