High availability
Multiple gateways linked to the same remote site can be declared to safeguard against the failure of one of your devices.
Customer side redondancy
This connection profile protects you against a service outage in the event of a malfunction of your IPSec gateway.
INFO
For the diagrams below, the primary and secondary W1PAM gateways can be used interchangeably: there is no concept of priority between the two gateways.
Active-active mode
This mode is supported with static or dynamic routing.
In this diagram, both gateways on customer remote site 1 announce 10.0.0.0/24 subnet via BGP.
IPsec gateway on WALLIX One PAM accepts both routes and put them in the routing table:
| Prefix | Next-hop |
|---|---|
| 10.0.0.0/24 | - tunnel1 - tunnel2 |
With the static routing mode, we recommend connecting your IPSec gateways to the same W1PAM gateway if they announce the same prefixes.
Active-standby mode
This mode is only supported with dynamic routing.
In this diagram, both gateways on customer remote site 1 announce 10.0.0.0/24 subnet via BGP.
As vpn-1 uses MED with lower value than vpn-2, its announcement takes priority.
IPsec gateway on WALLIX One PAM puts only routes from vpn-1 (If the routes received from gateway_2 have the same length) in the routing table:
| Prefix | Next-hop |
|---|---|
| 10.0.0.0/24 | - tunnel1 |
The second tunnel is put in standby mode. If tunnel 1 fails for any reasons, tunnel 2 is used to join network 10.0.0.0/24.
NOTE
MED attributes is compared even between routes received from different ASes.
Full redondancy
This connection profile protects you against service interruption in the event of an IPSec gateway malfunction (on the W1PAM side or on the client side).
We recommend using this mode whenever possible.
WARNING
This profile is only supported with dynamic routing.
