I don’t fully understand the logic behind IPsec failover. My goal is to set up two tunnels with identical parameters, differing only in the remote gateway address. These tunnels would be grouped in a failover setup, marked as primary and secondary. Depending on the availability of the central site’s connection, the appropriate tunnel should be used.

The issue is that I cannot add tunnels with the same local and remote subnets. I get the following error message:
“The local subnet and remote subnet cannot overlap with those of existing IPsec policies.”

How should this scenario be properly configured?