Table of Contents
Advertisement
retry_delay
test_delay 5
test ifretry 2 5 ping -I 192.168.2.1 192.168.1.1 -c 3
connection secondarylink
parent
start IPSec auto --add SecondaryLink
start IPSec auto --up SecondaryLink
stop IPSec whack --delete --name SecondaryLink
maximum_retries 2147483647
retry_delay
test_delay 5
test ifretry 2 5 ping -I 192.168.2.1 192.168.1.1 -c 3
service service-IPSec
group primarylinktest
group secondarylink
The following scenario assumes that the Headquarters SG and Branch Office SG each
have two static Internet IP addresses. The Branch Office SG establishes an IPSec
tunnel from its primary Internet IP address to the primary Internet IP address at the
Headquarters SG as the primary IPSec tunnel path. If this IPSec connection is detected
to have failed, a failover IPSec tunnel is established from the secondary Internet IP
address to the cecondary Internet IP address at the Headquarters SG. Once in the
failover state, the Branch Office SG will periodically determine if the primary IPSec tunnel
path is functioning again, and if so, will fall forward to use the primary link instead.
Virtual Private Networking
5
conn-eth1
5
242
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the SG300 and is the answer not in the manual?
Questions and answers