Forum Discussion
kykong_107132
May 13, 2008 Nimbostratus
I do have a few customers using Link Controller to front the VPN gateway.
In order for VPN to work behind Link Controller, we need to make sure the VPN gateway works behind the NAT device. I believe most current firewalls should support this.
For incoming traffic
----------------------------------
1. Create a VS with port 0 and associate it with the firewall_pool. Select performanceL4 and select All protocol.
2. Create a VS with port 500 and associate it with the firewall_pool_500. This is for IKE traffic. Select performanceL4 and select All protocol.
For VPN outgoing traffic
------------------------------
To my understanding we cannot load balance VPN traffic; what we can do is provide failover if the primary link is down. To do VPN outbound LB:
1. Create a vpn_gateway_pool with one of the links at higher priority.
2. Create a vpn_wildcard_vs on port 500 and associate it with vpn_gateway_pool.
3. Create a snat_pool with the VPN public IP addresses as SNAT pool members.
Regards,
KY
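
The steps in the post above, written out as commands for the tmsh prompt. This is an added example, not part of the original post or of F5's documentation; it assumes a BIG-IP release with tmsh (v11 or later syntax). All IP addresses and the virtual server names vpn_in_any_vs and vpn_in_ike_vs are constructed placeholders, and the gateway_icmp monitor, the priority-group values and the attachment of snat_pool to vpn_wildcard_vs are assumptions the post does not state.

```tmsh
# --- Incoming traffic ---------------------------------------------------
# 10.10.10.10 = VPN gateway/firewall behind the Link Controller (placeholder)
# 203.0.113.10 = public address clients connect to (placeholder)
create ltm pool firewall_pool members add { 10.10.10.10:0 }
create ltm pool firewall_pool_500 members add { 10.10.10.10:500 }

# Step 1: port 0 (all ports), all protocols, fastL4 = "Performance (Layer 4)"
create ltm virtual vpn_in_any_vs destination 203.0.113.10:0 ip-protocol any profiles add { fastL4 } pool firewall_pool

# Step 2: port 500 for IKE, same type and protocol setting as in the post
create ltm virtual vpn_in_ike_vs destination 203.0.113.10:500 ip-protocol any profiles add { fastL4 } pool firewall_pool_500

# --- VPN outgoing traffic (failover, not load balancing) ----------------
# Step 1: gateway pool, primary link in the higher priority group.
# 198.51.100.1 = primary ISP router, 203.0.113.1 = backup ISP router (placeholders)
# min-active-members 1 sends traffic to the lower group only when the
# higher group has no available member; the monitor (assumption) is what
# marks the primary link down.
create ltm pool vpn_gateway_pool min-active-members 1 monitor gateway_icmp members add { 198.51.100.1:0 { priority-group 10 } 203.0.113.1:0 { priority-group 5 } }

# Step 3: SNAT pool holding the VPN public addresses (placeholders)
create ltm snatpool snat_pool members add { 198.51.100.20 203.0.113.20 }

# Step 2: wildcard virtual server on port 500 using the gateway pool.
# Address/port translation is disabled because the pool members are
# next-hop routers, not the final destination.
create ltm virtual vpn_wildcard_vs destination 0.0.0.0:500 mask any ip-protocol any profiles add { fastL4 } pool vpn_gateway_pool translate-address disabled translate-port disabled source-address-translation { type snat pool snat_pool }
```

The port 0 virtual server passes every port and protocol through to the firewall, so the firewall's own rule set is the only filter on that address.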