Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Andrey_Gl
Explorer
Explorer
Jump to solution

ISP Load sharing exception for VPN peer

we use star community pattern. there are 2 providers on central gateway and we want to enable ISP load sharing therefore we check "apply settings to vpn traffic" but there is a problem that one tunnel is built on gateway that's available on l2 channel (via local address on 3rd interface) without internet access. if we enable option i mentioned above then settings will affect link section and this vpn thus vpn tunnel(with local ip) will be built on gateways with internet access which leads to failure(vpn tunnel won't be built) is there any way to configure isp ls but make an exception for it?

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority

@Andrey_Gl you can configure ISP redundancy without "apply settings to vpn traffic".

With this setting the configuration for VPN link selection doesn‘t follow ISP redundancy configuration. You can configure VPN link selection with link probing to check which link is available.

View solution in original post

(1)
4 Replies
Wolfgang
Authority
Authority

@Andrey_Gl you can configure ISP redundancy without "apply settings to vpn traffic".

With this setting the configuration for VPN link selection doesn‘t follow ISP redundancy configuration. You can configure VPN link selection with link probing to check which link is available.

(1)
Andrey_Gl
Explorer
Explorer

Thank you.Yes, I see that option, but if I enable it, won't I need to select three addresses there - two provider addresses and one local address of another peer? Won't they interfere with each other? In our installation, there are 10 VPN peers available through two interfaces looking to the Internet, and one VPN peer is available through a local interface.

0 Kudos
Wolfgang
Authority
Authority

No problem to use all three interfaces. If your local interface is only reachable via local routing not via the other ISPs it‘s no problem. But you have to configure properly the outgoing routing options and link probing.

0 Kudos
the_rock
Legend
Legend

Im fairly confident what @Wolfgang suggested will work, as I had customer do this in the past and that was perfect option to make it work as intended.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events