NSX-V IPSec Tunnel Secondary Peer IP.

duc31nik · ‎09-28-2020

Is it possible to add a secondary peer ip for IPSec Tunnel on NSX-V edge router?

For example, remote site has two ISP provider. If the primary ISP provider fail , how can we get NSX edge rotuer to fail over to the second ISP provider

Thank you in advance for any help.

Lalegre · ‎09-29-2020

Hey duc31nik,

To be honest I never tried this myself but on the Peer IP address it is possible to leave it blank to represent any IP. I suppose that with this configuration and having the same IKE and PSK configuration you will be able to have more than one.

However I am not 100% sure but it is worth it to test.

NicolasAlauzet · ‎09-29-2020

Hi there,

There is no IPSec multipath or redundancy feature in the Edge (maybe in future releases)

There are some workaround that you can test, for example, having both VPN up and use routes with weight to ensure traffic always goes through the active link and if it fails, the secondary route will be there. (this should work, but again, is no the feature that you use or have in other vpn appliances)

Cheers

N

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA

All

NSX-V IPSec Tunnel Secondary Peer IP.