McAfee SG310 Administration Manual page 301


VPN menu features
IPSec failover
Table 25 Secondary IPSec tunnel – Branch Office UTM Firewall configuration

| Field | Value |
| --- | --- |
| Tunnel name | secondary |
| Local interface | default gateway interface |
| Keying | Aggressive mode (IKE) |
| Local address | dynamic IP address |
| Remote address | static IP address |
| Local Required Endpoint ID | secondary@branch |
| Dead Peer Detection | enabled |
| Remote party IP address | 209.0.1.1 |
| Remote Required Endpoint ID | secondary@HQ |
| Preshared Secret | <secondary secret> |
| Local Network 1 | 192.168.2.0/24 |
| Remote Network 1 | 192.168.1.0/24 |
| Local Network 2 | 192.168.12.1/32 |
| Remote Network 2 | 192.168.11.1/32 |

5. Once this secondary IPSec tunnel is running and working, disable the secondary tunnel at both the Branch Office and Headquarters UTM Firewalls by deselecting the associated checkbox on the main IPSec screen.

6. Manually edit the ifmond.conf file on the Branch office UTM Firewall to configure for IPSec failover and fall forward.

Note: At least one space must precede any text for the indented subsections within the ifmond.conf file.

```
##-- Custom entries MUST be added below this point
connection primary
 parent ipsec-tunnel-primary_1
 parentof ipsec-tunnel-primary_0
 retry_delay 5
 test_delay 5
 maximum_retries infinite
 start whack --initiate --name primary_1 --asynchronous
 test ifretry 2 5 ping -I 192.168.12.1 192.168.11.1 -c 3
 stop whack --terminate --name primary_1 --asynchronous
connection secondary
 parent ipsec-tunnel-secondary_1
 parentof ipsec-tunnel-secondary_0
 retry_delay 5
 test_delay 5
 maximum_retries infinite
 start whack --initiate --name secondary_1 --asynchronous
 test ifretry 2 5 ping -I 192.168.12.2 192.168.11.2 -c 3
 stop whack --terminate --name secondary_1 --asynchronous
service ipsec-failover
 group primary
 group secondary
```

McAfee UTM Firewall 4.0.4 Administration Guide
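An added example, not part of the McAfee guide: a small Python lint for the custom section of ifmond.conf that enforces the leading-space rule from the note above and cross-checks that every group names a defined connection and that start and stop act on the same tunnel. The grammar is inferred only from the fragment shown on this page; the names `lint_ifmond` and `whack_name` and the sample input with its deliberate mistakes are constructed for illustration.

```python
import re
# Constructed sample based on the page's fragment, with three deliberate mistakes:
# line 8 lost its leading space, line 9 stops the wrong tunnel, line 12 misspells a group.
SAMPLE = """\
##-- Custom entries MUST be added below this point
connection primary
 start whack --initiate --name primary_1 --asynchronous
 test ifretry 2 5 ping -I 192.168.12.1 192.168.11.1 -c 3
 stop whack --terminate --name primary_1 --asynchronous
connection secondary
 start whack --initiate --name secondary_1 --asynchronous
test ifretry 2 5 ping -I 192.168.12.2 192.168.11.2 -c 3
 stop whack --terminate --name primary_1 --asynchronous
service ipsec-failover
 group primary
 group secondry
"""
TOP_LEVEL = ("connection", "service")  # assumption: the only section keywords seen on the page

def whack_name(entry):  # entry is (line_number, "whack ... --name X ...") or None
    m = re.search(r"--name\s+(\S+)", entry[1]) if entry else None
    return m.group(1) if m else None

def lint_ifmond(text):
    """Return sorted (line_number, message) findings for an ifmond.conf fragment."""
    findings, connections, groups, section = [], {}, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments
        key, value = (raw.strip().split(None, 1) + [""])[:2]
        if key in TOP_LEVEL and not raw[0].isspace():
            section = (key, value)  # an unindented keyword opens a new section
            if key == "connection":
                connections[value] = {}
            continue
        if section is None or not raw[0].isspace():
            findings.append((no, f"'{key}' needs at least one leading space under a section"))
        if section and section[0] == "connection":
            connections[section[1]][key] = (no, value)
        elif section and key == "group":
            groups.append((no, value))
    for no, name in groups:
        if name not in connections:
            findings.append((no, f"group '{name}' names no defined connection"))
    for name, e in connections.items():
        start, stop = whack_name(e.get("start")), whack_name(e.get("stop"))
        if start != stop:
            line = (e.get("stop") or e.get("start"))[0]
            findings.append((line, f"connection '{name}': start={start} but stop={stop}"))
    return sorted(findings)
```

Running `lint_ifmond` on the edited file before re-enabling the tunnels catches indentation and naming slips in the failover definitions before they are relied on.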


This manual is also suitable for: Sg560, Sg560u, Sg565, Sg580
