I have a GX450 running ALEOS 4.5.1. I am trying to use the VPN failover feature with two different IPsec gateways at my office.
I started with a reset to factory settings, then configured addressing and VPNs. I have confirmed that the GX450 can connect to each IPsec gateway separately and pass traffic when only one VPN is configured (VPN 1) and failover is completely disabled.
I set up the primary VPN as VPN 1 and the secondary VPN as VPN 3. All other VPNs are disabled. Revertive mode is enabled.
Upon rebooting the router, my primary VPN connects and I can pass traffic. When I disable the IPsec gateway for VPN 1, the GX450 appears to establish a phase 1 connection with the gateway for VPN 3. However, phase 2 does not establish. I cannot pass traffic.
I don’t see any error messages or anything strange in either the GX450 log file or the VPN gateway log file. My VPN gateway indicates that SAs are established in both directions. It just seems like the GX450 is ignoring them. If I use the Ping tool on the GX450 to try to ping a device on my office network, I get an error message:
PING 10.1.1.199 (10.1.1.199): 56 data bytes
ping: sendto: Invalid argument
If I re-enable my VPN 1 gateway, the GX450 correctly reverts back to it. Phase 1 and 2 establish, traffic passes, and everything works fine.
Has anyone successfully used the VPN Failover feature with two IPsec tunnels? I know it is a fairly new feature. The user guide does not describe it in very much detail. Any suggestions?