I have a scenario with an existing VPN network in which I am attempting to create fail-over.
There are 8 remote NV3120's using IPSEC VPN pointed to a NV3430 at the host site.
These 8 sites are up and running.
We have added a second broadband link at the host site and installed an NV3448.
The 3430 and the 3448 are on the same 192.168.0.0/24 network.
I would like to configure a back-up VPN from each of the 8 remotes to the 3448 if there is a failure on the 3430 link.
I have attempted to use a probe on the remotes to dictate traffic actions. I have been UN-succesful at establishing the fail-over IPSEC tunnel.
Is VRF the method I should be using to direct the traffic?
Is there a good VRF doc you can point me too?
- Thanks for posting your question on the forum.
Unfortunately, IPSec for IPv4 is not supported on non-default VRFs. You can read more about multi-VRF at this link: Configuring Multi-VRF in AOS
However, I do not think you will need VRF in your scenario. Could you tell me what is serving as the default gateway at the host site? It would also be helpful to see the configuration from one of the remote 3120s and the configuration on the host site 3430 as well. Please remember to remove any sensitive information.
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
- Thanks for posting your question on the forum.
Unfortunately, IPSec for IPv4 is not supported on non-default VRFs. You can read more about multi-VRF at this link: Configuring Multi-VRF in AOS
However, I do not think you will need VRF in your scenario. Could you tell me what is serving as the default gateway at the host site? It would also be helpful to see the configuration from one of the remote 3120s and the configuration on the host site 3430 as well. Please remember to remove any sensitive information.
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor