When the active interface on the user's firewall was down, the user was unable to connect to the SSL VPN through the backup interface. The VPN logs showed "cannot resolve address" errors.
This means the SSL VPN client is connecting to the SSL VPN server by hostname, and DNS is resolving that hostname to the primary IP of the firewall.
In that case, the hostname must also resolve to the secondary IP address when the primary IP is down.
Once the hostname can be resolved to the secondary IP address, add an interface group consisting of both interfaces under Remote Access >> SSL >> Settings.
After making these settings, a client connecting by hostname will reach the secondary IP, and since the interface is set to “any”, the firewall will accept the SSL connection.
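To confirm the DNS side of this before relying on failover, the following added example (not part of the original article) resolves the VPN hostname, reports any expected address missing from DNS, and probes each resolved address. The hostname, the two addresses and TCP port 443 are constructed placeholders; substitute your own values, and note the probe only tests TCP.

```python
import socket

def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the hostname resolves to ([] on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_failover(hostname, expected_ips, port,
                   resolve=resolve_ipv4, probe=tcp_reachable):
    """Compare what DNS returns with the firewall's interface addresses."""
    resolved = resolve(hostname)
    report = {
        "resolved": resolved,
        # Interface addresses a client can never learn from DNS.
        "missing_from_dns": [ip for ip in expected_ips if ip not in resolved],
        # Resolved addresses that currently accept a connection.
        "reachable": [ip for ip in resolved if probe(ip, port)],
    }
    if not resolved:
        report["verdict"] = "hostname does not resolve"
    elif not report["reachable"]:
        report["verdict"] = "no resolved address accepts connections"
    elif report["missing_from_dns"]:
        report["verdict"] = "reachable, but DNS is missing an expected address"
    else:
        report["verdict"] = "ok"
    return report

if __name__ == "__main__":
    # Constructed values: placeholder hostname, RFC 5737 documentation addresses,
    # and an assumed SSL VPN port of TCP 443.
    print(check_failover("vpn.example.com",
                         ["198.51.100.10", "203.0.113.10"], 443))
```

Run it once with the primary interface up and once with it down: a non-empty `missing_from_dns` in either run means clients connecting by hostname have no way to find the secondary interface.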
There is another way, if you want to manually point the SSL VPN at the second interface when the primary interface is down.
Go to Remote Access >> SSL >> Settings.
In the Override hostname field, enter the secondary IP address, as shown in the screenshot below.
In this case, however, you might need to download the SSL VPN client again from the user portal and then try to connect again.
Hope this article helps you.