You need to prioritize traffic between two IP Security (IPSec) virtual private network (VPN) tunnels based on IP addresses and application to provide redundancy.
Create two IPSec VPN tunnels for the destination network, and bind to a tunnel interface using Next Hop Tunnel Binding (NHTB) to create two traffic paths:
set interface "tunnel.1" zone "Trust" set interface tunnel.1 ip unnumbered interface ethernet0/0 set ike gateway "Fast_link_gw1" address 22.214.171.124 Main outgoing- interface "ethernet0/1" preshare xxxxx sec-level standard set ike gateway "slow_link_gw2" address 126.96.36.199 Main outgoing- interface "ethernet0/2" preshare xxxxx sec-level standard set vpn "Fast_link_gw1" gateway "Fast_link_gw1" no-replay tunnel idletime 0 sec-level standard set vpn "Fast_link_gw1" monitor rekey set vpn "Fast_link_gw1" id 1 bind interface tunnel.1 set interface tunnel.1 nhtb 188.8.131.52 vpn "Fast_link_gw1" set vpn "slow_link_gw2" gateway "slow_link_gw2" no-replay tunnel idletime 0 sec-level standard set vpn "slow_link_gw2" monitor rekey set vpn "slow_link_gw2" id 2 bind interface tunnel.1 set interface tunnel.1 nhtb 184.108.40.206 vpn "slow_link_gw2"
Use PBR to configure extended access lists based on the high-priority traffic. Then, use the action group to send the high-priority traffic to one of the IPSec VPN tunnels.
Create the second extended access list for all traffic as a catchall from previous access lists. This will also act as a backup tunnel ...