Introduction:
VPN load balancing enables site-to-site traffic to be distributed based on IP or session across multiple VPN tunnels.
This article outlines the configuration of TMV tunnels, which are terminated on the appliances at both ends, and the relevant routing policy.
Requirements:
In this case, the configuration is required to:
> Fail over site-to-site access to the remaining active path if one of the WAN links fails.
> Load balance site-to-site traffic across all available tunnels.
Configuration:
Follow the steps below to configure site-to-site VPN load balancing on the branch appliance with the IP details given:
Step 1: WAN > ADD > Static
WAN 1:
WAN 2:
WAN configuration on the branch office appliance is done as follows:
Step 2: LAN > ADD
LAN configuration on the branch office appliance is done as follows:
Step 3: Tunnels > ADD
For TMV tunnels, there are 2 roles: client and server. The TMV client automatically connects to the TMV server to create tunnels, and the Tunnel ID on both ends has to be the same. Adding TMV on the branch appliance is done as follows:
Step 4: Objects > DPS > ADD
Adding a DPS object for TMV tunnels on the branch appliance:
Step 5: Policy Routing > ADD
Policy Routing for VPN load balancing on the branch appliance is done as follows:
Follow the steps below to configure site-to-site VPN load balancing on the HQ office appliance with the IP details given:
Step 1: WAN > ADD > Static
WAN 1:
WAN 2:
WAN configuration on the HQ office appliance is done as follows:
Step 2: LAN > ADD
LAN configuration on the HQ office appliance is done as follows:
Step 3: Tunnels > ADD
For TMV tunnels, there are 2 roles: client and server. The TMV client automatically connects to the TMV server to create tunnels, and the Tunnel ID on both ends has to be set symmetrically. Adding TMV on the HQ appliance is done as follows:
Step 4: Objects > DPS > ADD
Adding a DPS object for TMV tunnels on the HQ appliance:
Step 5: Policy Routing > ADD
Policy Routing for site-to-site VPN load balancing on the HQ office appliance is done as follows:
Check that it works. For example, from the LAN hosts at the branch office, run the PING command against the hosts at the HQ office.
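The PING check can also cover the failover requirement: keep a ping running from a branch LAN host while one WAN link is disconnected, then count the replies that went missing. The script below is an added example, not part of the original article or the appliance software; it assumes Linux iputils-style ping output, and `HQ_HOST`, `ping_gaps`, `live_check` and `sample_capture` are hypothetical names with a placeholder address.

```shell
#!/usr/bin/env bash
# Added example: summarise a ping capture taken during a WAN failover test.
# HQ_HOST is a placeholder documentation address, not a value from the article.
HQ_HOST="${HQ_HOST:-192.0.2.10}"

# Read iputils-style ping output on stdin. Print one line per run of missing
# icmp_seq values, then a summary line. At the default 1 s interval, each
# missing sequence number is roughly one second without a reply.
ping_gaps() {
  awk '
    match($0, /icmp_seq=[0-9]+/) && /bytes from/ {
      # "icmp_seq=" is 9 characters; keep only the digits that follow it.
      seq = substr($0, RSTART + 9, RLENGTH - 9) + 0
      if (seen && seq > last + 1) {
        printf "gap after seq %d: %d lost\n", last, seq - last - 1
        lost += seq - last - 1
        gaps++
      }
      last = seq; seen = 1; replies++
    }
    END { printf "replies=%d gaps=%d lost=%d\n", replies, gaps, lost }
  '
}

# Live use on a branch LAN host: start this, then disconnect one WAN link.
live_check() {
  ping -c "${1:-120}" "$HQ_HOST" | ping_gaps
}

# Constructed sample capture (not real output): replies stop after seq 2
# and resume at seq 6, as if traffic moved to the remaining tunnel.
sample_capture() {
  cat <<'EOF'
64 bytes from 192.0.2.10: icmp_seq=1 ttl=62 time=4.1 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=62 time=4.3 ms
From 198.51.100.1 icmp_seq=3 Destination Host Unreachable
64 bytes from 192.0.2.10: icmp_seq=6 ttl=62 time=9.8 ms
64 bytes from 192.0.2.10: icmp_seq=7 ttl=62 time=4.2 ms
EOF
}

sample_capture | ping_gaps
```

Replies lost at the very end of a capture are not counted as a gap, so let the ping run for a while after the link change.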