Forum Discussion
bruce_p_11387
Jul 08, 2008Nimbostratus
I know this may sound useless, but I have IPSec VPN tunnels working through the LC's, but essentially I had to define a VIP for each tunnel and then it uses a resource of only one link, specifically, the link whose addressing matches the public address of the firewall. SNAT and any other address translation are turned off. It's a forwarding VIP and you define the service port to use all ports as well as allow it to use all protocols.
It works, but I have no failover. I was wondering how you get a tunnel to failover to the other link.