I am trying to create a solution where interesting traffic can traverse two IPsec tunnels between the same two firewalls, please see topology attached:
The issue i am having is only one of the vpn's is working and the other is down:
show security ike security-associations
Index State Initiator cookie Responder cookie Mode Remote Address
4781957 UP f18ee9deae57e28f cf6828432f53694f IKEv2 18.104.22.168
4782025 DOWN dbba261f6ed738c4 0000000000000000 IKEv2 22.214.171.124
including the tunnel interface which is in a up down state.
I want both VPN tunnels up at the same time and interesting traffic able too use both tunnels st0.1 and st0.2. They key requirement for me is to use one physical external interface for both VPN's on each side.
Can anyone assist me on a solution for getting both VPN tunnels to be running at the same time. I currently have full connectivity using st0.1
Eventually, I will use ECMP over the two VPN's but firstly need to get the second up.
Any help would be appreciated. Please ask if further detail is needed.
Any advice on why the second VPN is not coming up would be appreciated.
Please see if this forum post from 2011 helps
Resolved this in the end, proxy-identities can be used to uniquely identify each IPsec tunnel, as long as this is different for each ipsec tunnel they will come up.