Our organization uses Sonicwall devices as our gateway/firewall for all of our locations, with VPN tunnels between each of them. Each site also has a primary and backup internet line (WAN1 and WAN2), with the secondary typically being slower than the primary.
When configuring VPN tunnels, you can specify a primary and secondary "IPSec gateway name/address". Typically, we set the primary VPN gateway to be the other location's public WAN1 IP. However, what would happen in this situation...?
Site 1 WAN1: 192.168.100.1, WAN2: 172.16.100.1
Site 2 WAN1: 192.168.200.1, WAN2: 172.16.200.1
Site 1 primary VPN pointing to 192.168.200.1, secondary pointing to 172.16.200.1
Site 2 primary VPN pointing to 172.16.100.1, secondary pointing to 192.168.100.1
(notice the second site has its connections reversed)
What determines how the connection is made? Does it depend on which device receives the "VPN handshake" packet first, or will there be two parallel tunnels made, with the tunnel used depending on what side the traffic originates from? Ideally, both primary links should be connected to each other, so I'm curious as to how it works to make sure no problems occur.