VMware NSX

 View Only
  • 1.  NSX-V IPSec Tunnel Secondary Peer IP.

    Posted Sep 29, 2020 06:17 AM

    Is it possible to add a secondary peer ip for IPSec Tunnel on NSX-V edge router? 

    For example, remote site has two ISP provider.   If the primary ISP provider fail , how can we get NSX edge rotuer to fail over to the second ISP provider

    Thank you in advance for any help.


  • 2.  RE: NSX-V IPSec Tunnel Secondary Peer IP.

    Posted Sep 29, 2020 07:11 AM

    Hey duc31nik​,

    To be honest I never tried this myself but on the Peer IP address it is possible to leave it blank to represent any IP. I suppose that with this configuration and having the same IKE and PSK configuration you will be able to have more than one.

    However I am not 100% sure but it is worth it to test.



  • 3.  RE: NSX-V IPSec Tunnel Secondary Peer IP.

    Posted Sep 30, 2020 06:38 AM

    Hi there,

    There is no IPSec multipath or redundancy feature in the Edge (maybe in future releases)

    There are some workaround that you can test, for example, having both VPN up and use routes with weight to ensure traffic always goes through the active link and if it fails, the secondary route will be there. (this should work, but again, is no the feature that you use or have in other vpn appliances)

    Cheers

    N