Knowledge Base

How can I failover the VPN on my WAN1 and WAN2 interface?

Scenario

I have two USG 100 (USG#1 and USG#2).

Both of these two devices have 2 WAN interfaces.

I want to establish a tunnel from USG#1 to USG#2, and I also want the device to be able to fail over the VPN tunnel.

How can I configure my devices?

Device#1:

WAN1: 30.30.30.1

WAN2: 50.50.50.1

LAN: 192.168.1.0/24

Device#2:

WAN1: 30.30.30.2

WAN2: 50.50.50.2

LAN: 192.168.2.0/24

Step

(1) In Device #1

Phase1:

My address: 0.0.0.0

Peer Gateway:

Primary: 30.30.30.2

Secondary: 50.50.50.2

Enable the "Fall back to Primary Peer Gateway when possible" option.

Phase2:

Local policy: 192.168.1.0/24

Remote policy: 192.168.2.0/24

(2) In Device #2

Phase1:

My address: 0.0.0.0

Peer Gateway:

Select "Dynamic Address"

Phase2:

Local policy: 192.168.2.0/24

Remote policy: 192.168.1.0/24

(3) Run these CLI commands on Device #1:

Router(config)# client-side-vpn-failover-fallback activate

Router(config)# write

Verification

This is a VPN failover example.

Device#1 acts as the VPN client, and Device#2 acts as the VPN server.

The VPN will always connect from Device#1 to Device#2.

The CLI command also checks the remote interface.

When the primary is active, the tunnel automatically falls back to the primary rule.
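
The failover and fallback behaviour described above, as an added example (not Zyxel's code or firmware logic): a simplified Python model of how the initiator on Device#1 picks a peer gateway, with and without the fallback option. The function names and the reachability timeline are constructed for illustration; the two addresses are Device#2's WAN1 and WAN2 from the scenario.

```python
# Simplified model of initiator-side peer gateway selection.
# Assumption: this is NOT the firmware's algorithm, only the behaviour
# the article describes (fail over to secondary, fall back to primary).

PRIMARY = "30.30.30.2"    # Device#2 WAN1 (from the scenario)
SECONDARY = "50.50.50.2"  # Device#2 WAN2 (from the scenario)


def select_peer(current, reachable, fallback_enabled):
    """Return the peer gateway to use after one reachability check."""
    if current is None or current not in reachable:
        # No tunnel, or the active peer stopped answering:
        # try the primary first, then the secondary.
        for peer in (PRIMARY, SECONDARY):
            if peer in reachable:
                return peer
        return None  # neither gateway answers, tunnel is down
    if current == SECONDARY and fallback_enabled and PRIMARY in reachable:
        # Primary is back: move the tunnel to the primary rule again.
        return PRIMARY
    return current  # keep the working tunnel


def run_timeline(timeline, fallback_enabled):
    """Replay a list of reachability sets and record the chosen peer."""
    current, history = None, []
    for reachable in timeline:
        current = select_peer(current, reachable, fallback_enabled)
        history.append(current)
    return history


# Constructed timeline: which Device#2 gateways answer at each check.
TIMELINE = [
    {PRIMARY, SECONDARY},  # both WAN links up
    {SECONDARY},           # Device#2 WAN1 goes down
    {SECONDARY},           # still down
    {PRIMARY, SECONDARY},  # WAN1 recovers
    set(),                 # both links down
    {PRIMARY},             # only WAN1 returns
]

if __name__ == "__main__":
    for enabled in (True, False):
        print("fallback enabled:", enabled)
        for step, peer in enumerate(run_timeline(TIMELINE, enabled), 1):
            print(f"  check {step}: tunnel peer = {peer}")
```

With the fallback option off, the modelled tunnel stays on the secondary gateway after the primary recovers, which is the difference the "Fall back to Primary Peer Gateway when possible" setting and the CLI command are meant to remove.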




Question Profile

ARTICLE ID:002807
TYPE:Application / Configuration Example
FIRMWARE:3.00
MODEL:ZYWALL USG 100, ZYWALL USG 1000, ZYWALL USG 20
