ofirshemer
Explorer

Multi IPsec tunnels with different ISP without redundancy, with the same encryption domain

Hi all,

I want to implement multiple IPsec tunnels with different ISPs without redundancy.

The meaning is that I will have IPsec from FW-Branch to FW-HQ with ISP-A and IPsec from FW-Branch to FW-Internet with ISP-B.

On the branch site, it will be the same encryption domain (192.168.200.0/24).

All the FWs are running R80.30.

Any suggestions?

 

G_W_Albrecht
Champion

What is the question? This does not work for you?

ofirshemer
Explorer

Hi Albert
When I am creating the IPsec tunnels it's using ISP-A IP (80.10.10.1) for the tunnels.
I want to separate the sources.

For IPSEC-1 I will use ISP-A IP - 80.10.10.1 (from FW-Branch to FW-Internet).

For IPSEC-2 I will use ISP-B IP - 160.10.10.1 (from FW-Branch to FW-HQ).

It must be without redundancy; if ISP-A is down I cannot access FW-Internet.

Thank you

 

G_W_Albrecht
Champion

Yes, ok, but what is your issue? Does it not work for you?

ofirshemer
Explorer

Hey Albert,
Currently it is not working.
I desire to create 2 separate IPSEC tunnels on FW-Branch.
One tunnel with the source IP address of 160.10.10.1
And a second IPSEC tunnel with source IP address of 80.10.10.1
Each tunnel with an encryption domain of 192.168.200.0/24.
Currently, both tunnels are with source 160.10.10.1, and this is not what I want, because when eth1 is down I lose both of my tunnels.
And I cannot create another object because I cannot assign the same encryption domain to different objects.

Hope it’s clearer now.
Thank you.
