I have just built a route-based VPN to a remote site that is up and working. My side is a Netscreen 204, the remote site is a Fortinet 60C.
I want to create a secondary tunnel from my same Netscreen to a second backup site which will be the same kind of device, a F 60C.
In reading these fora, I have seen two recommendations:
"Configure two VPNs, one to first location, one to the other. If using static routes set pref or metric value higher to the tunnel int bound to backup VPN. Use VPN monitoring on the first (adjust vpnmonitor interval and threshold to reasonable value). When primary VPN goes down, tunnel int goes down because of the monitoring. If outgoing interface goes down the preferred route goes inactive (don't use permanent option!), second route (to your backup VPN's tunnel int) becomes active and voila!
Dead peer detection must be enabled for it to work."
Will either VPN monitoring or DPD be an issue with Fortinet not having that? I don't know. Secondly, I couldn't find any KB documents to clarify the "Howto".
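The failover logic in the quoted recommendation, as an added example that is not part of the original post and is not vendor configuration: a simplified Python model of a monitored primary tunnel, a higher-preference backup route, and the effect of marking the primary route permanent. The interface names `tunnel.1`/`tunnel.2`, the prefix, the preference values and the threshold of 3 are assumptions, and the model treats a single probe reply as enough to bring the tunnel back up.

```python
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str
    interface: str
    preference: int          # lower value wins, as the quoted advice implies
    permanent: bool = False  # a permanent route stays active when its interface is down

class MonitoredTunnel:
    """Tunnel interface whose link state follows a VPN-monitor style probe."""
    def __init__(self, name, threshold):
        self.name, self.threshold = name, threshold
        self.missed, self.up = 0, True

    def probe(self, reply_received):
        # Called once per monitor interval; only consecutive misses count.
        self.missed = 0 if reply_received else self.missed + 1
        if reply_received:
            self.up = True
        elif self.missed >= self.threshold:
            self.up = False
        return self.up

def active_route(routes, tunnels, prefix):
    """Pick the lowest-preference route whose interface is up (or that is permanent)."""
    usable = [r for r in routes if r.prefix == prefix
              and (tunnels[r.interface].up or r.permanent)]
    return min(usable, key=lambda r: r.preference) if usable else None

def simulate(permanent_primary, probes):
    """Replay probe results against the primary tunnel; return the egress per interval."""
    tunnels = {"tunnel.1": MonitoredTunnel("tunnel.1", threshold=3),
               "tunnel.2": MonitoredTunnel("tunnel.2", threshold=3)}
    routes = [Route("10.1.0.0/16", "tunnel.1", 20, permanent=permanent_primary),
              Route("10.1.0.0/16", "tunnel.2", 30)]
    path = []
    for reply in probes:
        tunnels["tunnel.1"].probe(reply)
        path.append(active_route(routes, tunnels, "10.1.0.0/16").interface)
    return path

# Constructed probe sequence: two replies, four misses, then the peer answers again.
PROBES = [True, True, False, False, False, False, True]

if __name__ == "__main__":
    print("normal   :", simulate(False, PROBES))
    print("permanent:", simulate(True, PROBES))
```

With the permanent flag set, the model keeps selecting `tunnel.1` through the outage, so traffic is sent into a dead tunnel instead of moving to the backup.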