This section discusses the options for supporting redundant and partially redundant IPsec VPNs, using route-based approaches.

The following topics are included in this section:

IPsec VPN tunnel aggregate interfaces

Configuration overview

A FortiGate unit with two interfaces connected to the Internet can be configured to support redundant VPNs to the same remote peer. If the primary connection fails, the FortiGate unit can establish a VPN using the other connection. Redundant tunnels do not support Tunnel Mode or manual keys. You must use Interface Mode.

A fully-redundant configuration requires redundant connections to the Internet on both peers. The figure below shows an example of this. This is useful to create a reliable connection between two FortiGate units with static IP addresses.

When only one peer has redundant connections, the configuration is partially-redundant. For an example of this, see Configuration overview on page 155. This is useful to provide reliable service from a FortiGate unit with static IP addresses that accepts connections from dialup IPsec VPN clients.

In a fully-redundant VPN configuration with two interfaces on each peer, four distinct paths are possible for VPN traffic from end to end. Each interface on a peer can communicate with both interfaces on the other peer. This ensures that a VPN will be available as long as each peer has one working connection to the Internet. You configure a VPN and an entry in the routing table for each of the four paths. All of these VPNs are ready to carry data. You set different routing distances for each route and only the shortest distance route is used. If this route fails, the route with the next shortest distance is used.

The redundant configurations described in this chapter use route-based VPNs, otherwise known as virtual IPsec interfaces. This means that the FortiGate unit must operate in NAT mode. A VPN that is created using manual keys cannot be included in a redundant-tunnel configuration.

The configuration described here assumes that your redundant VPNs are essentially equal in cost and capability.
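
The four-path failover described above can be checked with a small model. This is an added example, not part of the original documentation and not FortiOS configuration: it builds one route per end-to-end path with a distinct distance, selects the shortest usable one, and tests every failure combination. The interface names and distance values are assumptions.

```python
from itertools import product

# Constructed sample topology: interface names and distances are assumptions.
LOCAL_IFACES = ("local_wan1", "local_wan2")
REMOTE_IFACES = ("remote_wan1", "remote_wan2")


def build_routes(local_ifaces, remote_ifaces, base=10, step=10):
    """One route-based VPN (and one routing-table entry) per end-to-end path,
    each with a different distance."""
    paths = list(product(local_ifaces, remote_ifaces))
    return [
        {"local": l, "remote": r, "distance": base + i * step}
        for i, (l, r) in enumerate(paths)
    ]


def active_route(routes, up_ifaces):
    """Return the usable route with the shortest distance, or None.

    A path is usable only while the interfaces at both ends are up."""
    usable = [r for r in routes
              if r["local"] in up_ifaces and r["remote"] in up_ifaces]
    return min(usable, key=lambda r: r["distance"], default=None)


def availability_holds(routes, local_ifaces, remote_ifaces):
    """Check every combination of interface failures: a VPN must be available
    exactly when each peer still has at least one working interface."""
    all_ifaces = tuple(local_ifaces) + tuple(remote_ifaces)
    for states in product((True, False), repeat=len(all_ifaces)):
        up = {i for i, ok in zip(all_ifaces, states) if ok}
        each_peer_connected = (any(i in up for i in local_ifaces)
                               and any(i in up for i in remote_ifaces))
        if (active_route(routes, up) is not None) != each_peer_connected:
            return False
    return True


if __name__ == "__main__":
    routes = build_routes(LOCAL_IFACES, REMOTE_IFACES)
    up = set(LOCAL_IFACES + REMOTE_IFACES)
    for failed in (None, "local_wan1", "remote_wan1"):
        up.discard(failed)
        print(f"failed={failed}: active={active_route(routes, up)}")
    print("all four paths:", availability_holds(routes, LOCAL_IFACES, REMOTE_IFACES))
```

Passing only two of the four routes (for example the first and last) to `availability_holds` returns `False`, which shows why a VPN and a routing-table entry are needed for each of the four paths.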