Question

Hello,
We use RUT 955 to repatriate data.
We set up an IPsec VPN from the RUT to our Fortigate firewall.
But we have 2 fibers (backup and normal) reaching our Forti. We created 2 VPN conf, one per fiber IP address.
Our problem is that the RUT mounts the 2 VPN conf.
What is the best solution to have a secure connection?
Can we prioritize VPN connections?
You can prevent the second connection on the forti, but this implies having to make a modification to the firewall.

Answer 1

Hello, I'm sorry, but I didn't really understand what two IPsec tunnels are used for?

You have one VPN server on which there are 2 external channels, most likely with the possibility of automatic reservation. Please describe in more detail (preferably with a diagram) the topology you want to get in the end.

Best regards, Anton

Comments

I try to explain with this schema

---

Hello, there is no IPsec failover in our devices.

I think there are two options here: this is to immediately raise 2 tunnels, and if the main channel breaks, the backup VPN will continue to work. Or use a small bash script that will ping the ip of the main channel and, if it is unavailable, will raise the backup IPsec. Run the script with the cron scheduler, for example, once every 5 minutes.

Best regards, Anton