Name: Digi Connect EZ Mini
Brand: Digi
Rating: 5 (1 reviews)

To Next Page

To Previous Page

Virtual Private Networks (VPN) IPsec

Digi Connect EZ Mini User Guide

201

Configure IPsec failover

There are two methods to configure the Connect EZ device to fail over from a primary IPsec tunnel to

a backup tunnel:

n SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to

configure two or more tunnels so that when the primary tunnel is determined to be inactive by

SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.

n Preferred tunnel—When multiple IPsec tunnels are configured, one tunnel can be configured

as a backup to another tunnel by defining a preferred tunnel for the backup device.

Required configuration items

n Two or more configured IPsec tunnels: The primary tunnel, and one or more backup tunnels.

n Either:

l SureLink configured on the primary tunnel with Restart Interface enabled, and the metric

for all tunnels set appropriately to determine which IPsec tunnel has priority. With this

failover configuration, both tunnels are active simultaneously, and there is minimal

downtime due to failover.

l Identify the preferred tunnel during configuration of the backup tunnel. In this scenario, the

backup tunnel is not active until the preferred tunnel fails.

IPsec failover using SureLink

With this configuration, when two IPsec tunnels are configured with the same local and remote

endpoints but different metrics, traffic addressed to the remote endpoint will be routed through the

IPsec tunnel with the lower metric.

If SureLink > Restart Interface is enabled for the tunnel with the lower metric, and SureLink

determines that the tunnel is not functioning properly (for example, pings to a host at the other end of

the tunnel are failing), then:

1. SureLink will shut down the tunnel and renegotiate its IPsec connection.

2. While the tunnel with the lower metric is down, traffic addressed to the remote endpoint will

be routed through the tunnel with the higher metric.

For example:

n Tunnel_1:

l Metric: 10

l Local endpoint > Interface: ETH2

l Remote endpoint > Hostname: 192.168.10.1

l SureLink configuration:

Restart Interface enabled

Test target:

Test type: Ping test

Ping host: 192.168.10.2

n Tunnel_2:

Brand

Digi

Model

Connect EZ Mini

Digi Connect EZ Mini User Manual

Table of Contents

Questions and Answers:

Digi Connect EZ Mini Specifications

Related product manuals