Multi IPsec tunnels with different ISP without redundancy, with the same encryption domain
I want to implement Multi IPsec tunnels with different ISP without redundancy.
The meaning is that I will have IPsec from FW-Branch to FW-HQ with ISP-A and IPsec from FW-Branch to FW-Internet with ISP-B.
On the branch site, it will be the same encryption domain(192.168.200.0/24)
All the FWs running R80.30
When I am creating the IPsec tunnels it's using ISP-A IP (188.8.131.52) for the tunnels.
I want to separate the sources.
For IPSEC-1 I will use ISP-A IP - 184.108.40.206 (from FW-Branch to FW-Internet).
For IPSEC-2 I will use ISP-B IP -220.127.116.11 (from FW-Branch to FW-HQ).
It must be without redundancy, if ISP-A is down I cannot access FW-Internet
Currently is not working,
I desire to create 2 separate IPSEC tunnels on FW-Branch.
One tunnel with the source IP address of 18.104.22.168
And second IPSEC tunnel with source IP address of 22.214.171.124
Each tunnel with an encryption domain of 192.168.200.0/24.
Currently, both tunnels are with source 126.96.36.199, and this is not what I want, because when eth1 is down I lose both of my tunnels.
And I can not create another object because I can not assign the same encryption domain to different objects.
Hope it’s clearer now.