...
1) Two internet connections are used for redundant operation:
Info |
---|
When using a plain Ethernet connection, you need to set up ICMP polling so that the router will detect a line failure. |
...
Info |
---|
The following workaround only needs to be performed if you are using an LCOS version lower than LCOS 10.70: If ICMP polling is configured for the backup connection there will be a recurring buildup and breakdown of this connection. This is due to the connection being in the status Interface Down (255) and thus the polling packets can't be transmitted. The packets are therefore discarded by the Intruder detection in the firewall and the message packet received from invalid interface is shown. In order for the polling to work, a separate default route for the backup connection with an unused routing tag has to be created. In this case the Admin distance does not matter and therefore the value 0 is used. If ICMP polling is configured for the main connection, a separate default route with an unused routing tag and the Admin distance 0 has to created, as otherwise a switch from the backup connection to the main connection won't be possible due to the Intruder Detection. |
...
2.2) Configuring the IKEv2 connection:
2.2.1) Manually set up an IKEv2 connection on both routers. The name of the VPN connection must be different from the name of the IKEv1 connection as the names have to be unique.
...