Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shani786
New Contributor II

Created on ‎10-09-2023 03:36 PM

Redundant IPSec tunnel help

hello experts!

 i want to configure a site-to-site VPN between 2 sites. 

Site "A" has 2 ISP links and here I want to create 2 redundant IPSec tunnels with site "B".

so the problem is that site "B" has only 1 wan link and site "A" has 2 wan links. As shown above image. so how can i configure any help would be appreciated thanks.

 

ipsecipsec

Labels:
859
0 Kudos
1 Solution
VinayHM
Staff
Staff

Created on ‎10-09-2023 09:52 PM Edited on ‎10-09-2023 09:53 PM

Hi 

 

Please go through the below link for the Redundant IPSEC Tunnel using a single WAN connection

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Redundant-IPSEC-Tunnel-using-single-WAN-co...

 

Regards,

Vinay HM

View solution in original post

832
4 REPLIES 4
VinayHM
Staff
Staff

Created on ‎10-09-2023 09:52 PM Edited on ‎10-09-2023 09:53 PM

Hi 

 

Please go through the below link for the Redundant IPSEC Tunnel using a single WAN connection

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Redundant-IPSEC-Tunnel-using-single-WAN-co...

 

Regards,

Vinay HM
833
shani786
New Contributor II

Created on ‎10-11-2023 03:18 PM Edited on ‎10-11-2023 09:10 PM By Community Manager

hi!
thank you for the help. one more thing i want to discuss here i tried the method and applied it successfully but one problem i face the downtime while the static ipsec route to 2nd backup tunnel it takes up to 2 minutes to up what will be the solution i want to decrease the downtime any help would be appreciated. 

807
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎10-11-2023 03:39 PM Edited on ‎10-11-2023 03:40 PM

Then try IPSec aggregate instead. With this both sides are up and utilized all the time, and bringing down one side shouldn't cause much down time. Although below cookbook shows two circuits on both locations, it should work as well as long as one side has two circuits. I tested that way when 6.2 came out. I would assume it still work with like 7.0 - 7.4.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/779544/ipsec-aggregate-for-redundancy-a...

 

Toshi

799
chitra150
New Contributor

Created on ‎10-12-2023 10:14 PM

Hello,

You should check this doc.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/779544/ipsec-aggregate-for-splunk training-redundancy-and-traffic-load-balancing

 

I hope this will help you.

Regards ( Chitra)
Regards ( Chitra)
773
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.