Due to additional security measures, we have implemented Multi-Factor Authentication (MFA) on this Support Portal. Please log in using your registered email ID or phone number. In case of any difficulty, kindly reach out to Seqrite Support by emailing us at "support@seqrite.com".
  1. Home
  2. Solutions
  3. How-To Articles
  4. How to configure MPLS-IPSec/IPsec-MPLS failover

How-To Articles

How to configure MPLS-IPSec/IPsec-MPLS failover

27-02-2020 18:05:22

Overview:

This article describes the steps to use VPN/MPLS as a backup by walking you through an example setup.

The MPLS/VPN failover will only work when MPLS is configured on a WAN zone and not on any other zone.

The following sections are covered:

1. MPLS to IPSec Failover

2. IPSec to MPLS Failover

Applicable Version:2.3 and above

 Scenario:


Head Office UTM

The Head Office UTM has been configured with Eth0 as LAN, Eth1 as WAN and Eth2 as WAN.

The MPLS link has been terminated on WAN (Eth2).

Seqrite LAN Network:172.16.17.0/24

Seqrite WAN IP: 192.168.11.140 (Connected to HO MPLS router)

Seqrite WAN IP: 192.168.12.245

Branch Office UTM

The Branch Office UTM has been configured as follows:

Seqrite LAN Network:172.16.140.0/24

Seqrite WAN IP: 192.168.11.139 (Connected to BO MPLS router)

Seqrite WAN IP: 192.168.12.233

Configuration:

1. MPLS to IPSec Failover

Configure the IPSec connection between Head Office and Branch Office, refer to the article

http://esupport.seqrite.com/support/solutions/articles/23000013895-how-to-establish-a-site-to-site-ipsec-vpn-connection-using-a-pre-shared-keys-in-utm for details on how to establish an IPSec VPN.

In this scenario, the MPLS link would be primary and IPSec will be configured as a backup of MPLS.

As soon as the MPLS link will go down, IPSec will come up automatically and Connection would be there using IPSec VPN.

Once the MPLS link gets restored or it is up then IPSEC VPN will automatically go down and the MPLS link would work as Primary.

MPLS Static Route and MPLS is configured as WAN interface.

Configured IPSec as backup of MPLS.

Under Link Failover setting please select MPLS interface or whatever WAN interface you have configured as Primary. In our case MPLS is Primary and its WAN interface IP is 192.168.12.233. Then select rest of the parameter for configuring VPN.

2. IPSEC to MPLS Failover

In this scenario, a customer’s MPLS link would work as secondary and IPSEC will be configured as Primary VPN.

The customer needs to configure Site to Site IPSEC VPN as Primary and MPLS route too.

Once VPN connection will go down then all the VPN traffic will shift to MPLS route and connection will be up.

Configured MPLS as backup of IPsec.

Please contact Seqrite Technical Support for more assistance.