SA 520 and SA 540 VPN Failover issue

Unanswered Question
Jun 21st, 2010
User Badges:

Screen shot 2010-06-21 at 2.25.26 PM.png

I tried the above scenario to test the vpn failover in these SA devices, the following are the configuration i have done :-

  • The ports are configured as above.
  • The optional port is configured as WAN port.
  • In optional port ->WAN mode i have selected auto rollover using WAN port "Dedicated WAN" and ping the gateway IP.
  • I have created two IKE policies and two VPN policies where the second one is selected as a backup policy.
  • I have enabled the rollover.
  • I have defined two static ip route one for the WAN with metric 10 and another for the OPT. with metric 15.


  • The primary VPN is up and can communicate between two LAN.


  • When the WAN link goes down, the Optional port took long time to get up (sometimes in sa 520 the opt port didn't goes up)
  • In VPN status the back up policy comes in play but didnt get up. (while only using the optional port the back up VPN goes up)

I want the vpn failover smoothly in these devices. don't know where the problem is.. HELP me guys to get out of this problem.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mherbster Wed, 05/25/2011 - 09:54
User Badges:

I'm having the exact same issue.  Our static IP on the primary WAN port is fine, the optional port is into a backup (Comcast) line pulling DHCP.  I had the WAN Failover working for about 2 days, then it stopped working all of a sudden.

Anyone else having this issue?  I had a complete failure of the router a week ago on the WAN ports.  I would hope we can get an answer to this as it's an advertised feature of the SA 540 that doesn't seem to be working well.


This Discussion