02-15-2018 04:35 AM
Hi,
Below link explains about vpn failover with dual isp and dual vr, but cant I use same VR.
Why its mandtory to use two VR.
with regards,
Ram
02-15-2018 04:52 AM
Hi @RamBalaji
dual VR is optimal so you have 2 default routes so each IPSEC connection has a unique route out (else yuou can only have 1 default gateway and both tunnels would go out of the same interface)
02-15-2018 04:52 AM
Hi @RamBalaji
dual VR is optimal so you have 2 default routes so each IPSEC connection has a unique route out (else yuou can only have 1 default gateway and both tunnels would go out of the same interface)
02-15-2018 05:25 AM
Can you please explain in detail i couldn't understand..
with regards,
Ram
02-15-2018 05:48 AM
for you to be able to make an outbound ipsec connection ,you need to initiate a connection from you rsystem out to the internet
for your packets to reach their final destination ,a route lookup needs to occur an d a routing decission to which interface your packets should egrtess out of
If you only have 1 VR, only 1 default route can be active so both your tunnels will egress out of the same interface
If you are able to add host routes you could try to point each tunnel's destination IP out of a different interface, this could allow for a single VR setup.
If you are not able to add a host route (if your ISP assigns you a dynamic IP for example) you will need to rely on the default route. In this case, you will need an additional VR so each ISP can have it's own default route and each tunnel will only be active on the VR with the preferred ISP's default route
02-15-2018 06:55 AM
What if I did it this way?
1 VR, First peer public IP reached via default route via ISP1. Second peer public IP reached via /32 static route pointing to ISP2.
02-15-2018 07:08 AM
That should work
02-15-2018 07:09 AM
Hello,
Yes this can work. I have set it up multiple times over the years. Then I either use a Policy Based Forwarding rule or OSPF weights to determine which path I want to use as primary and secondary, etc.
Regards,
09-30-2020 02:33 PM
How about if i did it this way,
1 VR, First peer public IP reached via default route via isp1, Same Peer Public IP reached via PBF Pointing to ISP2 ( Condition of Source Address for Tunnel and Destination of same Peer IP )
11-11-2021 06:25 PM
to confirm this is not possible with single VR going to same public IP?
I have VPN 1 - going through unique public IP to branch public IP
I have VPN 2 - going through unique public IP to same branch public IP
This is the same VR. To confirm this is not possible? I tried to move to dual VR but i caused a ton of routing issues and I had to revert. Will try dual VR set up again if its the only way possible.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
