Hi everyone.
I was wondering if BGP over IPSec is now available…, I’m running a Lab doing this scenario beetwen a Balance One (Version 8.0.1) and two Palo Alto Firewalls but until now, it’s not working.
Even I tried to use OSPF but I haven’t had luck.
Thanks for your help.
Regards.
Juan Anaya
Hi Keny,
Thanks for your time, I’d like to tell you that I achieved to open an adjacency between a PA and the Peplink, However, I’m still working in my Lab.
Also, I found an option in the Peplink to add a secondary Public IP in the IPSec VPN configuration, but when the Primary VPN is Down, the Peplink keeps looking for a renegotiation with the same peer, and not with the second one.
I think you have an issue in that function, unless I don’t have the right information about how that works.
Thanks again and I hope you have a wonderful day.
Regards…
When primary IPsec site down (IPsec status go from Established to Connecting), router will re-connect to primary site for next 3 minutes. When that failed, it will try secondary site. Had you tried to set Secondary site as Primary to make sure router can establish IPsec with Secondary site, just to isolate issues with Secondary site.
Hi Kenny.
Had you tried to set Secondary site as Primary to make sure router can establish IPsec with Secondary site, just to isolate issues with Secondary site
Yes, I had, and the secondary site works correctly.
Now I did the test waiting 3 minutes and the secondary site is UP, but that’s to long in a production enviroment.
Also, this would work better if when the primary site is recovered, the traffic will come back to this one.
I appreciate your support
Thanks and regards.
Hi,
We will reduce the time for failover in future firmware. We can provide a special firmware to you if needed. For fallback to primary site, that is not possible now (unless Secondary site is down).
Kenny