Netscreen Failover question

Hey everyone!

I've got the next situation:

1 main office with one NS 5GT (model 205), 3 branch offices, each of them with one single NS5GT.

The main office has got two different internet connections (let's say connection 1 and 2) and I've set up the NS5GT in the main office to run in dual-untrust mode; both internet connections are connected and working on the Netscreen. All the branch offices have one single internet connection.

I've set up several route-based VPNs: Branch 1 to Main office, Branch 2 to Main office, Branch 3 to Main office.

Now every VPN connection is connecting to the Main office's internet connection 1. Let's say this connection drops for some reason (ISP problems); is there a way for me to automatically let the branch offices' Netscreens build up their VPNs using connection 2 instead of connection 1?

Regards, Joris

Joris Kemperman

Try building a second tunnel interface and set a route with a higher metric using the second tun.x interface as the gateway. I haven't tried it, but it's logical that it would work.

Munpe Q

I have tried and tested similar scenarios, i.e. hub and spoke VPN but using direct VPN if the hub is not available to pass traffic. The way I do this is by creating the 2nd tunnel interface as explained above with the higher preference for the 2nd route; then I pass a VPN monitor down the VPN tunnel.

If the vpn monitor fails it automatically disables the primary static route and enables the secondary.

Dave Sinclair Sintec Ltd.

NetScreen/Juniper trainer

Sintec

Agreed, we actually just finished a lab up today with a very similar scenario. Use the VPN monitor, a lower heartbeat and even consider using GRE tunnel with the tunnel interfaces. It will work fine.

Munpe Q
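A spoke-side ScreenOS configuration sketch of the setup Munpe Q and Dave describe above (second tunnel interface, VPN monitor, primary and backup route). This is an added example, not configuration posted in the thread; the addresses, zone, interface and object names are assumed, and the command syntax is written from memory of ScreenOS 5.x, so check it against your own release. Lines starting with # are annotations, not ScreenOS commands.

```text
# Assumed addressing: hub public IP on connection 1 = 203.0.113.10, on connection 2 = 198.51.100.10
# main office LAN = 10.0.0.0/24, hub trust IP = 10.0.0.1 (monitor target), this branch LAN = 10.1.0.0/24

# One tunnel interface per main-office internet connection, both unnumbered off the untrust interface
set interface tunnel.1 zone untrust
set interface tunnel.1 ip unnumbered interface untrust
set interface tunnel.2 zone untrust
set interface tunnel.2 ip unnumbered interface untrust

# One IKE gateway per hub public address (replace CHANGE-ME with a real pre-shared key)
set ike gateway gw-hub-conn1 address 203.0.113.10 main outgoing-interface untrust preshare "CHANGE-ME" sec-level standard
set ike gateway gw-hub-conn2 address 198.51.100.10 main outgoing-interface untrust preshare "CHANGE-ME" sec-level standard

# One VPN per gateway, each bound to its own tunnel interface
set vpn vpn-hub-1 gateway gw-hub-conn1 sec-level standard
set vpn vpn-hub-1 bind interface tunnel.1
set vpn vpn-hub-2 gateway gw-hub-conn2 sec-level standard
set vpn vpn-hub-2 bind interface tunnel.2

# VPN monitor: ICMP probes sent through each tunnel to the hub's trust address.
# When probes fail, the tunnel interface goes down and the route through it is withdrawn;
# "rekey" makes the unit keep trying to bring the tunnel back up without waiting for traffic.
set vpn vpn-hub-1 monitor source-interface trust destination-ip 10.0.0.1 rekey
set vpn vpn-hub-2 monitor source-interface trust destination-ip 10.0.0.1 rekey
# Lower heartbeat than the default: probe every 5 s, declare the tunnel down after 3 misses
set vpnmonitor interval 5
set vpnmonitor threshold 3

# Primary route via tunnel.1 (metric 10), backup via tunnel.2 (metric 20); lower metric wins,
# so traffic moves to tunnel.2 only while tunnel.1 is down, and moves back when it recovers
set route 10.0.0.0/24 interface tunnel.1 metric 10
set route 10.0.0.0/24 interface tunnel.2 metric 20

# Still needed, omitted here: permit policies between trust and untrust for 10.1.0.0/24 <-> 10.0.0.0/24,
# and on the hub the matching two gateways/VPNs with outgoing-interface set to each untrust interface.
```

Verify failover with `get vpn`, `get interface tunnel.1` and `get route` while the hub's connection 1 is deliberately disconnected during a maintenance window.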

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.