Bug #11181

Updated by Jim Pingle over 3 years ago

In a multi-WAN environment, pfSense should allow the use of two Phase 1s that have different origin IPs but the same destination IP. For example:

      Site A: WAN (ISP-A) and WAN2 (ISP-B)
                 |                 /
                 |                /
        IPsec P1 |               / IPsec P1
    Primary Link |              / Secondary Link
                 |             /
              Site B: WAN (ISP-C)

However, pfSense throws the error, "The following input errors were detected: The remote gateway "x.x.x.x" "64.137.131.31" is already used by phase1 ""."

This is problematic because we would like to take advantage of the IPsec Phase 2 Virtual Tunnel Interface (VTI) feature with policy routing to route traffic over the primary link. If the primary link fails, the policy routing would transmit over the secondary link.
