Hello Otakar.Klier Thank you very much for your response, I would appreciate it if you could help me with the following, since I have not been able to advance When I created the PBF and I had a main and a backup tunnel, in "Source" did I have to choose the "Trust" zone (LAN) or the "VPN" zone that was created for the tunnels? In "Static Routes" I defined as follows VR_RED_1 Destination: 192.168.2.0 (The other end network) Interface: tunnel.1 Next Hop (Here I have not placed anything, should I put the IP default gateway for the output of ISP1?) VR_RED_1_Backup Destination: 192.168.2.0 (The other end network) Tunnel interface Next Hop (Here I have not placed anything, should I put the IP default gateway for the ISP2 output?) Configuring IPSec Tunnel VPN_Tunnel_1 Tunnel Interface: tunnel.1 Address Type: IPv4 Type: Auto Key IKE Gateway: VPN_Tunnel_1_IKE IPSec Crypto: Default Tunnel Monitor - Destination IP: 192.168.2.4 (any host IP in the other network, this is correct or what should I put?) Profile: Failover_VPN_Tunnel VPN_Tunnel_1_Backup Tunnel Interface: tunnel.2 Address Type: IPv4 Type: Auto Key IKE Gateway: VPN_Tunnel_1_IKE_Backup IPSec Crypto: Default Tunnel Monitor - Destination IP: 192.168.2.4 (any host IP in the other network, this is correct or what should I put?) Profile: Failover_VPN_Tunnel This may be the part that causes me the most trouble. Tunnel interface configuration: Tunnel.1 IP Address: (I have not placed any address, in the IKE_Gateway I refer to the interface and address of each Peer) Virtual Router: Default (It is necessary to place the previously configured? VR_RED_1) Security Zone: VPN_Zone Tunnel.2 IP Address: (I have not placed any address, in the IKE_Gateway I refer to the interface and address of each Peer) Virtual Router: Default (It is necessary to place the previously configured? VR_RED_1_Backup) Security Zone: VPN_Zone IKE_Gateway configuration VPN_Tunnel_1_IKE Version: IKEv1 Address Type: IPv4 Interface: Eth1 / 1 Local IP: (Local ISP) Peer Address: (Peer ISP) Pre-Shared Key: (key ****) VPN_Tunnel_1_IKE_Backup Version: IKEv1 Address Type: IPv4 Interface: Eth1 / 2 Local IP: (Local ISP Backup) Peer Address: (Peer ISP Backup) Pre-Shared Key: (key ****) PBF Config: Source Trust / LAN (is this correct?) Destination: 192.168.2.0/24 (Destination network) [] Negate selected Forwarding: Action: Forward Egress Interface: Tunnel.2 [ ] Monitor Profile: Failover_VPN_Tunnel IP Address: 192.168.2.4 (any IP from a host at the other end) [] Disable this rule if nexthop / monitor ip is unreachable - Selected Thanks for everything and I apologize for the length of the message, it is that I am having problems to make this configuration and it has cost me something to understand. Regards!
... View more