Teltonika RUT 956 failover not working properly

We have an IPsec VPN between a Teltonika RUT 956 and a FortiGate on the other side. This IPsec is configured as dialup, and on the Teltonika side WAN is primary and the mob1s1a1 interface is configured as secondary.


When I tested the failover and administratively shut down the interface of the switch neighbors connected to the WAN, I see that mob1s1a1 goes from standby to online and the VPN on the FortiGate changes the gateway from the WAN to the mobile interface (basically the VPN does not go down but only changes direction). 9 out of 10 times I am not able to ping the LAN gateway of the Teltonika from the LAN of the FortiGate (as I am when WAN is online). I have done some other tests where I shut down the WAN interface manually (disable), and in this case the failover works 100% without a problem. I have no static/policy routes configured by me on the Teltonika device, even though I see some routes (maybe created automatically) with metric 1 for WAN and metric 2 for mob1s1a1.

Might this be the problem, that I have not created a static/policy route, or should I do other configurations that I have missed? On the FortiGate side the static route is directed to the IPsec, so I think the problem might be on the Teltonika side. Firmware version: RUT9M_R_00.07.07

Could you try editing failover interfaces under the Actions section and append Flush connections on option with Connected and Disconnected values?

Also, did you try enabling Dead peer detection in IPsec settings to restart the tunnel?

I had configured the Connected/Disconnected values on Flush connections even before, but the problem was with the Dead peer detection. After enabling it, everything looks to be working OK right now. I have done 5 tests and everything is working very well! You saved my day :sweat_smile:. One more question, if possible: what values should I provide to the dead peer detection in order to lower the request timeout time?