Stelios_Andreou
Participant

Redundant VPN Connection using ISP L2 connection and S2S VPN

Dear mates,

Currently, I have a VPN setup between 2 locations, where at the primary premises I have a cluster and at DR a single GW.

We are using a Site to Site VPN and now we need to add a 2nd L2 line connection as primary and keep the Site-to-Site as a secondary.

The GWs are now connected to each end of the L2 line, and there is also one switch in between. (GW -> switch -> end of L2 connection -> end of DR L2 connection -> GW)

Here are the steps we have tried so far:

1. Create a new VLAN for the L2 connection.
2. Assign the new VLAN’s IPs to the GWs and the switch interface.

3. Create new IP routes on both GWs to redirect traffic to pass from L2 Connection. -> Failed to work.

5. Create 2 new GWs as Interoperable Device and modify Site to Site VPN using new GWs object with internal L2 IPs. -> Failed to work.

6. Remove IP routes

The plan is to keep the Site to Site VPN and also pass the traffic through the L2 connection encrypted.

Regarding link redundancy mode, please note that we also have other remote locations and I think I can't use it.

Any ideas?

Thank you.

3 Replies
PhoneBoy
Admin

Did you change the Link Selection settings at all?
This is required if you're going to change the IP used for the VPN.
Also, are you still encrypting IPsec on the L2 connection?

0 Kudos
Stelios_Andreou
Participant

Many thanks for the response.

I didn't change the Link Selection settings as I have many locations connected with HQ and I need to change only one of them.

Currently, the Link Selection is at the Main address. If we ignore the redundant connection, is there a way just to replace the Site to Site VPN and configure a new one with private IPs on the L2 connection?

No, the ISP doesn't encrypt the L2 connection.

Thank you.

PhoneBoy
Admin

Maybe try to use "Calculate IP based on network Topology."
As long as you have more specific routes for that VPN over L2, I believe it will choose the correct IP.

0 Kudos