09-14-2010 11:34 PM
The customer currently has 4 internet links (3 DSL & 1 leased line). They have an office in Site B and they require VPN connectivity between the 2 locations. The simple requirement is that the VPN has to be established and all 4 internet links have to be used in unison to send and receive the VPN traffic at the Site A end. It is not enough that the VPN is established over 1 link and if that link fails the VPN is transferred to a 2nd link. This is merely a VPN failover. The customer needs load balancing where all 4 links are used for sending VPN traffic.
1. Can I use a Site-to-Site vpn in Palo Alto for site A and the some other firewall for the other end?
2. What will happen to the IPsec tunnel with the act of the link load balancer?
I have attached a diagram of the requirement.
09-18-2010 09:29 AM
Hello,
The most commonly used feature to accomplish this is Policy Based Forwarding. The route monitoring feature in PBF will allow you to failover to another tunnel when your NH is down. In order to achieve the load-sharing you're after, you'll have to configure multiple PBF rules that service different source or destination addresses (using PBF rules to send traffic from certain hosts/servers down different IPSec tunnels). There are other alternatives (such as dynamic routing) that you could use but PBF is the most straightforward.
Hope this helps!
Nick Campagna
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
