User manual

retry_delay 5
test_delay 5
test ifretry 2 5 ping -I 192.168.2.1 192.168.1.1 -c 3
connection secondarylink
parent conn-eth1
start ipsec auto --add SecondaryLink
start ipsec auto --up SecondaryLink
stop ipsec whack --delete --name SecondaryLink
maximum_retries 2147483647
retry_delay 5
test_delay 5
test ifretry 2 5 ping -I 192.168.2.1 192.168.1.1 -c 3
service service-IPSec
group primarylinktest
group secondarylink
The following scenario assumes that the Headquarters SG and Branch Office SG each
have two static Internet IP addresses. The Branch Office SG establishes an IPSec
tunnel from its primary Internet IP address to the primary Internet IP address at the
Headquarters SG as the primary IPSec tunnel path. If this IPSec connection is detected
to have failed, a failover IPSec tunnel is established from the secondary Internet IP
address to the secondary Internet IP address at the Headquarters SG. Once in the
failover state, the Branch Office SG will periodically determine if the primary IPSec tunnel
path is functioning again, and if so, will fall forward to use the primary link instead.
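
The failover and fall-forward behaviour described above, sketched as a small state machine in shell. This is an added example, not the manual's configuration; the connection name PrimaryLink, the addresses, the two-failure threshold and the dry-run default are assumptions.

```shell
#!/bin/sh
# Added illustration (not from the manual): primary/secondary IPSec failover
# with fall-forward, driven by probe results for the primary path.
PRIMARY_CONN=PrimaryLink        # assumed connection name
SECONDARY_CONN=SecondaryLink    # backup connection name used in the listing
PRIMARY_LOCAL=192.0.2.10        # constructed: branch primary Internet IP
PRIMARY_PEER=198.51.100.10      # constructed: headquarters primary Internet IP
FAIL_THRESHOLD=2                # assumed: consecutive failures before failover
TEST_DELAY=5                    # seconds between probes
STATE=primary
FAILS=0
ACTIONS=""                      # log of commands issued, for inspection

run() {                         # record the command; execute unless DRY_RUN=1
    ACTIONS="$ACTIONS$*;"
    [ "${DRY_RUN:-1}" = 1 ] || "$@"
}

switch_to() {                   # $1 = tunnel to bring up, $2 = tunnel to remove
    run ipsec whack --delete --name "$2"
    run ipsec auto --add "$1"
    run ipsec auto --up "$1"
}

probe_primary() {               # simplification: same path probe in both states
    ping -I "$PRIMARY_LOCAL" -c 3 "$PRIMARY_PEER" >/dev/null 2>&1
}

step() {                        # $1 = ok|fail, one probe result
    case "$STATE:$1" in
        primary:ok) FAILS=0 ;;
        primary:fail)
            FAILS=$((FAILS + 1))
            if [ "$FAILS" -ge "$FAIL_THRESHOLD" ]; then
                switch_to "$SECONDARY_CONN" "$PRIMARY_CONN"
                STATE=failover; FAILS=0
            fi ;;
        failover:ok)            # primary path is back: fall forward
            switch_to "$PRIMARY_CONN" "$SECONDARY_CONN"
            STATE=primary ;;
        failover:fail) : ;;     # stay on the secondary tunnel
    esac
}

if [ "${1:-}" = monitor ]; then # real loop only when asked for explicitly
    while :; do
        if probe_primary; then step ok; else step fail; fi
        sleep "$TEST_DELAY"
    done
fi
```

With the default DRY_RUN=1 the commands are only recorded in ACTIONS, so the transitions can be checked by feeding `step ok` and `step fail` by hand before the script is allowed to touch a live tunnel.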
Virtual Private Networking