Router1 - WAN1 1.1.1.1 WAN2 2.2.2.2 LAN 10.1.1.0/24
Router2 - WAN1 3.3.3.3 LAN 10.1.10.0/24
I have site-to-site IPsec VPN Tunnels set up between 6 branch offices, this all works great. We are trying to add some redundancy so now I'm trying to add dual WAN's to each of my branches and I can't figure out how to make the IPsec configuration work. When I try to add an additional IPsec Policy on Router1 using the same source network 10.1.1.0/24 to the same destination network 10.1.10.0/24 but using WAN2's SA Src. Address and Router2's SA destination address, one of my entries turns red and stops working like it's not allowed or something. Basically I'm trying to create two IPsec policies to the same source and destination networks but with different Source SA addresses. Any ideas on what I'm doing wrong or how to set this up? Thanks in advance.