Route traffic through a backup VTI tunnel

A backup VTI tunnel ensures traffic continuity by providing an alternative path when the primary VTI tunnel fails to route traffic in route-based VPN configurations.

You can deploy the backup VTI tunnel in these scenarios:

  • Both peers have service provider redundancy backup.

    In this case, two physical interfaces act as the tunnel sources for the two VTIs of the peers.

  • Only one of the peers has service provider redundancy backup.

    In this case, only one of the peers has an interface backup; the other end has only one tunnel source interface.

Before you begin

Ensure that you review the guidelines and limitations. For more information, refer to Guidelines for virtual tunnel interfaces.

Procedure


Step 1

Create the VTI interface.

For more information, refer to Add a VTI interface.

Step 2

In the Add Endpoint dialog box of the Create New VPN Topology wizard, click Add Backup VTI to configure the respective backup interface for each peer.

Step 3

Choose Devices > Device Management, edit the threat defense device, and click Routing to configure the routing policy.

Step 4

Choose Policies > Access Control to configure the access control policy.