I was wondering if BGP over IPSec is now available…, I’m running a Lab doing this scenario beetwen a Balance One (Version 8.0.1) and two Palo Alto Firewalls but until now, it’s not working.
Thanks for your time, I’d like to tell you that I achieved to open an adjacency between a PA and the Peplink, However, I’m still working in my Lab.
Also, I found an option in the Peplink to add a secondary Public IP in the IPSec VPN configuration, but when the Primary VPN is Down, the Peplink keeps looking for a renegotiation with the same peer, and not with the second one.
I think you have an issue in that function, unless I don’t have the right information about how that works.
When primary IPsec site down (IPsec status go from Established to Connecting), router will re-connect to primary site for next 3 minutes. When that failed, it will try secondary site. Had you tried to set Secondary site as Primary to make sure router can establish IPsec with Secondary site, just to isolate issues with Secondary site.
We will reduce the time for failover in future firmware. We can provide a special firmware to you if needed. For fallback to primary site, that is not possible now (unless Secondary site is down).