Using HFA110.

Currently the scope is simple. I have 2 clusters. CLA has one ISP (ISPA1). CLB,2 has 2 ISP (ISPB1, ISPB2).

On CLB ISP redundancy is applied without applying settings to VPN. So I have configured the Link selection on CLB to use only ISPB2, and route ISPA1 to ISPB2 (without set probing x.x.x.x/y on the cluster B members).

I have used Route probing, seems ISPB1 was still used for VPN.

Then set to Operating system Table, same result.

But I have checked the result with "Tunnel monitoring" and/or "vpn tu". Involved ISP was ISP1B.

When I check with tcpdump, it seems the right interface is used (no trafic on ethx, trafic on ethy).

If I have to use tcpdump to check, it is not funny at all.

Any idea ?

Thanks.

So you're not applying ISP Redundancy to VPN and you ARE using VPN?
Possible this might cause the issues you're seeing.

Yes, this is the set up. Check box in ISP Redundandcy is cleared. Because we don't want to use same link for Internet access and VPN, except in case of failure.

Problem is, without that option being ticked, the underlying changes needed to make VPN work when failed over to the other ISP link will not be done.

You mean HA mode in Link Selection and Route probing does not work if ISP Redundancy is on with  a clear box Apply to VPN ?

If you want VPN to fail over to a different link with ISP Redundancy, that box must be checked.
Otherwise, it probably will not work.

Hi PhoneBoy,

Following several test, you are right and check box has to be checked. Sad to learn that because that means you can not split traffic (internet / vpn) in an easy way. Target was to have one link "master" for internet and the other link "master" for VPN.

Guessing that if I have 4 isp, I could configure 2 for Internet and 2 for VPN. This should work but it is not in the current scope. 

R82 should offer more flexibility in this area.