Active Active site to site VPN tunnel with asymmetric routing with cisco

Please provide solution for below requirement: attached diagram for this scenario please refer .(HLD 1)

We need to implement site to site vpn with 3rd party. both of us having two peer IP. our primary peer is connecting to their primary peer, and our secondary peer is connected to their secondary peer. Also both tunnel should be active at a time. there are two 3rd party servers are there in use. One is in DC 1 and other is in DC 2. Hence when our user want to connect with A.A.A.A servers it should flow trough tunnel A. like wise when user connecting to B.B.B.B it should take tunnel B. Also traffic should fail over properly when one goes down. what is the best possible way to achieve this.

tunnel version: ikev2


1.Which is the most appropriate tunnel mode? policy based or route based VPN, else the above requirement can be full filled with either of this .
2.What should be the routing strategy. we are thinking of making the 3rd party servers part of BGP , and make use of BGP prepend attribute to do asymmetric routing .is that a good solution.
3.Are we able to do auto failover with this set up.
4.is it possible to try this set up in LAB and get a sample configuration as we don't have a lab environment.
5. Do watchguard has any compatibility issue with cisco to achieve above goals

Sign In to comment.