Introduction:
In the past, IPSec VPN tunnels destined for the same remote network could only establish over a single interface, yet it is now possible to form and send traffic over IPSec VPN tunnels on multiple interfaces with the Q-Balancer appliances at both ends, which significantly increases the flexibility of traffic path and routing decisions in VPN deployments.
Requirements:
In this case, the solution is required to:
> Failover LAN-to-LAN access between two IPSec tunnels.
> Find the optimal path for critical network services.
Configuration:
>> Follow the steps below to configure IPSec VPN Tunnels for load balancing on the branch appliance with the IP details given:
Step 1: WAN > ADD > Static
WAN 1:
WAN 2:
WAN configuration on the branch appliance is done as follows:
Step 2: LAN > ADD
LAN configuration on the branch appliance is done as follows:
Step 3: VPN > IPSec > ADD
In the Q-Balancer there are two types of IPSec VPN Tunnels, General and QB2QB. General is to establish IPSec VPN with third-party VPN solution, while QB2QB is to establish IPSec VPN between the Q-Balancer appliances. In this case, we will use QB2QB to build IPSec tunnels. Adding IPSec Tunnels on the branch appliance is done as follows:
Leave rest of parameters below default.
The procedure of adding second IPSec Tunnel is same as the first one, and so is skipped in this article. The IPSec tunnels on the branch appliance is done as follows:
Step 4: Objects > DPS > ADD
Adding a DPS object for IPSec VPN tunnels on the branch appliance:
Step 5: Policy Routing > ADD
Policy Routing for IPSec VPN Tunnels on the branch appliance is done as follows:
>> Follow the steps below to configure IPSec VPN Tunnels for load balancing on the HQ appliance with the IP details given:
Step 1: WAN > ADD > Static
WAN 1:
WAN 2:
WAN configuration on the HQ appliance is done as follows:
Step 2: LAN > ADD
LAN configuration on the HQ appliance is done as follows:
Step 3: VPN > IPSec > ADD
Leave rest of parameters below default.
The procedure of adding second IPSec Tunnel is same as the first one, and so is skipped in this article. The IPSec tunnels on the HQ appliance is done as follows:
Step 4: Objects > DPS > ADD
Adding a DPS object for IPSec VPN tunnels on the HQ appliance:
Step 5: Policy Routing > ADD
Policy Routing for VPN load balancing on the branch appliance is done as follows:
Policy Routing for IPSec VPN on the HQ appliance is done as follows:
Check if the LAN hosts at the branch are able to ping hosts at the HQ now.
