Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nycc3883
Explorer

IPSec VPN Load Sharing

Hi All,

I would like to achieve IPSec VPN Tunnel Load Sharing (Active Active) with the scenario below:

Site A - With 2 Static IP, each with 100Mbps (HQ)

Site B - with 1 Static IP, with 10Mbps (Branch)

There are 50 Branch with Site B environment to connect to Site A.

 

My question would be

1. Does CheckPoint Load Sharing Active Active can be done in this way?

2. Does it combine Site A both bandwidth as one?

 

0 Kudos
5 Replies
Maarten_Sjouw
Champion
Champion

I think it is important to know what you mean by the "Load Sharing Active Active", does that mean a Cluster in this mode or are you looking for a way to share the load over the 2 internet connections?
For the latter your best bet would be to use Policy Based Routing on the gateway to make sure that a number of tunnels is using the second interface.
You need to add those routes for the remote peers in your gateway and look yourself at the load.
But I think it would be a better way to just use the primary interface for all normal traffic and use the second interface for all tunnels.
That would still be best done with policy based routing as when the second interface fails it will fallback to the primary.
Regards, Maarten
0 Kudos
nycc3883
Explorer

I was referring to IPSec VPN Tunnel Load Sharing as Active Acitive

0 Kudos
Maarten_Sjouw
Champion
Champion

There is no load sharing for VPN, the link selection will allow you to select 1 interface only, also make sure to update the source selection when you do make changes like I mentioned in my previous reply.
Regards, Maarten
0 Kudos
Wolfgang
Authority
Authority

@nycc3883  and @Maarten_Sjouw 

you can define VPN LoadSharing via LinkSelection properties

VPN_LoadSharing.PNG

We are using this with GAiA gateways and the VPN traffic will be distributed beetween both links. I know there are some limitations with SMB devices but don't remember.

Have look at Site to Site VPN R80.30 Administration Guide and search for "load sharing"

Wolfgang

0 Kudos
Maarten_Sjouw
Champion
Champion

So you learn something every day. Thanks @Wolfgang
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events