I tried the above scenario to test the vpn failover in these SA devices, the following are the configuration i have done :-
- The ports are configured as above.
- The optional port is configured as WAN port.
- In optional port ->WAN mode i have selected auto rollover using WAN port "Dedicated WAN" and ping the gateway IP.
- I have created two IKE policies and two VPN policies where the second one is selected as a backup policy.
- I have enabled the rollover.
- I have defined two static ip route one for the WAN with metric 10 and another for the OPT. with metric 15.
- The primary VPN is up and can communicate between two LAN.
- When the WAN link goes down, the Optional port took long time to get up (sometimes in sa 520 the opt port didn't goes up)
- In VPN status the back up policy comes in play but didnt get up. (while only using the optional port the back up VPN goes up)
I want the vpn failover smoothly in these devices. don't know where the problem is.. HELP me guys to get out of this problem.