Hi guys,
My scenario is as follows: on the main site we've got a Checkpoint cluster running R80.10 and a single ISP, that runs an IPSEC VPN tunnel to our secondary site, where we have a Juniper SRX firewall.
Recently a second ISP line has been added to the secondary site to improve the availability and the target is to setup an automatic mechanism on both sides that in case the tunnel through the ISP1 goes down, the IPSEC tunnel will automatically raised on ISP2.
What's the best way to do this? a single VPN community with both satellite gateways (ISP1 and ISP2)? What else, should I enable DPD on both gateways (Checkpoint and Juniper)?
Thanks in advance!