Configuring Implicit Primary-Backup

Configure the VPN Domain that includes the Primary Security Gateway and another domain that includes only the backup Security Gateway. Configure each Security Gateway as either the Primary Security Gateway or a backup Security Gateway.

To configure the primary Security Gateway:

1. Open Global Properties window > VPN > Advanced, select Enable Backup Gateway.

2. In the Object Explorer, click New > Network Group and create a group of gateways to act as backup gateways.

3. Edit the Primary Security Gateway object and open the IPsec VPN page.

4. Select Use Backup Gateways, and select the group of backup gateways.

   This Security Gateway is the primary Security Gateway for this VPN domain.

5. For each backup Security Gateway, make a VPN domain that does not include IP addresses that are in the Primary VPN domain or the other backup domains.

   If the backup Security Gateway already has a VPN domain, you must make sure that its IP addresses do not overlap with the other VPN domains.

   1. Create a group of IP addresses not in the other domains, or a group that consists of only the backup Security Gateway.

   2. In the backup network object, go to the Network Management > VPN Domain section, select Manually defined.

   3. Select the group.

6. Click OK.

7. Install the policy.