BranoI hate VogonsPremium,MVM
|reply to repe23 |
Re: USG-100 dual wan problem
Did you try the date firmware I've sent you?
There is DPD (dead peer detection) bug in IPSec in the current release. The date FW is fixing that. ... this may be whole or part of the issue you're experiencing.
Thank you (both) for your answers.
I still can't test the firmware you sent me, I hope to test it during this week.
Anyway, I made some other test : I changed the dlink unit for another USG-100 with also 2 wans, so this time I created the VPN between 2 USG-100 both with wan HA. Wan1 form USG unit 1 is directly connected to wan1 of USG unit 2, and the same for wan2.
If I use the same subnet for all wan interfaces in both USG, for example 10.0.0.0/24, I have the same problem I had with Dlink unit. When I disconnect wan1 on one of USG unit, the vpn is not changed to WAN2.
But if I use 1 subnet (10.0.10.0/24) for wan1 on both usg , and 1 subnet (10.0.20.0/24) for wan2 on both usg, the VPN and WAN HA works ok !
So it seems that the problem is when I use the same subnet for both wans. Did you hear this issue before ?
Thanks again for your help
This is interesting, not because I have to deal with VPNs, but because I use PPPoE, and my WAN_ppp connections get 77.X.X.X block IP addresses from FairPoint, but internally, I have seen the USG establish 10.X.X.X addresses for the WAN connections that the PPP connections are linked to. I can't find the address values right now, but I wonder if they are usually set to be on the same subnet.