We have a WAN link between 2 of our offices (MPLS), but I want to put in a redundant link as this remote office has a 20mb Internet pipe via their Fortigate firewall, we have a 100mb Internet pipe.
We have an ASA and I have created multiple site-to-site VPNs on that before and on Fortigates too. Currently both of these firewalls provide the routing tables for both offices including the routes for this WAN link, if I create a VPN between both offices what will happen, will the WAN link be uneffected as we use static routes to get between these 2 offices via the firewalls routing tables or will the VPN try and take over? I'm not sure if static routes take preference over a VPN as I never have to add routes on our ASA for a site-to-site.
I don't think I can do anything dynamic, but should the WAN link fail I was thinking if I get the VPN established before hand and just remove the static routes if it fails then the traffic should go over the VPN instead?
The static routes will always take preference so traffic will always be sent over the WAN. If the WAN link fails you will then have to remove the static routes in order to have traffic flow over the VPN. You should be able to do something dynamic by running a routing protocol such as OSPF or RIP over the WAN link as I assume the Fortigate should be able to support these protocols.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :