Tunnel interface with 2 WAN connections each side (4 tunnels)
Trying to connect two sites with Tunnel Interface.
Both sites have NSa 2700s with 2 WAN circuits in each (X2 and X4).
Looking to create 4 tunnels, but I run into issues when attempting to create multiple tunnels to the same remote IP.
Would like to have the following tunnels:
Site A X2 - Site B X2
Site A X2 - Site B X4
Site A X4 - Site B X2
Site A X4 - Site B X4
Is this possible?
The following appears in a pop-up when attempting to save the VPN policy. Will this cause an issue?
"Found a policy with the same peer gateway [redacted public IP by Community Manager]. Phase1 proposal for matching policy might be overwritten. Click OK to proceed or Cancel to change settings."
Answers
@AlanE , please refrain from posting actual public IP addresses, if this is the case.
Yes, you should be able to implement this scenario. Make sure to select the respective local WAN interface under the "Advanced" tab of the tunnel interface, i.e. "VPN Policy bound to".
@AlanE the message you're getting is more of a warning but does not cause any trouble if you're using different IKE IDs and PSKs for each connection. I'm running this scenario on multiple deployments with Tunnel Interface and various WAN interfaces on each side (2:1, 1:2, 2:2, ...).
--Michael@BWC
Hi @AlanE / @BWC, the error message popping up only happens on Gen7 appliances and this is a known bug. I have a support case raised with support, and engineering are looking into it.
What you are doing is possible, as Michael rightly stated, and is used all the time to allow for overlapping policies needed for redundancy.
Also, please make sure you change the VPN names so that the first 16 characters are not the same (as this is a current issue also). Possibly name them like below to avoid this:
1 Site A X2 - Site B X2
2 Site A X2 - Site B X4
3 Site A X4 - Site B X2
4 Site A X4 - Site B X4
@MustafaA, F.Y.I. even if you choose the correct interface you get the error on Gen 7; see video on support case (44312180).
With reference to "... the error message popping up only happens on Gen7 appliances and this is a known bug...", the issue ID is GEN7-41268.
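The naming and uniqueness points raised in the answers above can be checked on paper before touching the firewalls. The following is an added example, not SonicWall tooling or code from any poster: it builds the 2x2 tunnel mesh and flags policies whose first 16 name characters, IKE ID pair, PSK reference or WAN pair collide. The IKE ID format and `psk_ref` labels are constructed placeholders.

```python
from collections import Counter
from itertools import product

PREFIX_LEN = 16  # per the thread: first 16 characters of policy names must differ


def build_plan(site_a, site_b, wans_a, wans_b):
    """One tunnel-interface policy per (local WAN, remote WAN) pair."""
    plan = []
    for n, (wa, wb) in enumerate(product(wans_a, wans_b), start=1):
        plan.append({
            "name": f"{n} {site_a} {wa} - {site_b} {wb}",
            "bound_to": wa,   # value for "VPN Policy bound to" on the Advanced tab
            "peer_wan": wb,
            # Constructed IKE ID scheme; any scheme works if each pair is unique.
            "local_ike_id": f"{site_a}-{wa}-to-{wb}".replace(" ", ""),
            "peer_ike_id": f"{site_b}-{wb}-to-{wa}".replace(" ", ""),
            "psk_ref": f"psk-{n}",  # pointer into a secret store, never the PSK
        })
    return plan


def duplicates(values):
    return sorted(v for v, count in Counter(values).items() if count > 1)


def check_plan(plan):
    """Return a list of human-readable collisions; empty means the plan is clean."""
    checks = {
        "name prefix": [p["name"][:PREFIX_LEN] for p in plan],
        "IKE ID pair": [(p["local_ike_id"], p["peer_ike_id"]) for p in plan],
        "PSK": [p["psk_ref"] for p in plan],
        "WAN pair": [(p["bound_to"], p["peer_wan"]) for p in plan],
    }
    problems = []
    for label, values in checks.items():
        for dup in duplicates(values):
            problems.append(f"duplicate {label}: {dup!r}")
    return problems


if __name__ == "__main__":
    plan = build_plan("Site A", "Site B", ["X2", "X4"], ["X2", "X4"])
    for policy in plan:
        print(policy["name"], "->", policy["bound_to"], policy["local_ike_id"])
    print(check_plan(plan) or "no collisions")
```

Run against the unnumbered names from the original question, the same check reports two prefix collisions, because "Site A X2 - Site" and "Site A X4 - Site" are each shared by two policies.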