
S2S VPN redundancy with two ISP

Question asked by Patryk Pilarski on Jan 2, 2019
Latest reply on Jan 3, 2019 by Maarten Sjouw

Hi all,

Could you please tell me if it is possible to configure two active S2S VPN tunnels - one tunnel per ISP?

My scenario: 5000 series (R80.10) appliances configured as a cluster

Eth1 >> connected to ISP 1 (public IP address block /29)

Eth2 >> connected to ISP 2 (public IP address block /29)

I don't use ISP redundancy, because we use PBR for some good reason.

We use S2S tunnels between the data center with a Juniper SRX and the Check Point in the office. Inside the S2S VPN we use the BGP protocol to distribute routes.

I would like to have two active tunnels at the same time - one configured using the ISP1 public IP, the second configured using ISP2. I will distribute better routes for VPN tunnel 1, but in case of a problem with ISP1 I expect that VPN tunnel 2 will immediately hand over traffic.

I know how to configure two tunnels in active/standby mode, but I am wondering if it is somehow possible to achieve an active/active configuration.

Thanks in advance 
