Expired

V. VPN (Virtual Private Networking)

Expired

Vigor 3900 VPN Trunk

Products:
Vigor 3900
Vigor 2960
Keywords:
2960
GRE
VPN Load Balance
VPN Trunk

VPN Trunks offer a way of creating multiple site-to-site VPN tunnels between the same two subnet, the advantage of doing this is that the VPN trunk can provide both load balancing and redundancy.

If there are multiple WAN connections available then one VPN tunnel could be created on each WAN to maximise the bandwidth available for the VPN trunk. Even if one of the sites has a single WAN link, a one-to-many VPN trunk can be created to take advantage of the multiple connections at the multi-wan site.

The Vigor 3900 offers Load Balance and Failover modes. This guide covers the setup of a load balanced VPN trunk between two Vigor 3900 routers, with each router having two WAN interfaces.

VPN Trunk

Consider a scenario as per the above image, Vigor 3900s on Site A and Site B have two WAN connections and there are two IPSec VPN links through each WAN port.

Site A Vigor 3900

LAN : 192.168.1.0/24
WAN1 : 80.0.0.1
WAN2 : 90.0.0.1

Site B Vigor3900

LAN : 192.168.2.0/24
WAN1 : 80.0.0.2
WAN3 : 90.0.0.2

Part 1: Site A Vigor 3900 Configuration

Go to [VPN and Remote Access] - > [VPN Profiles] menu. Here add two VPN profiles for WAN1 and WAN2 each.

VPN Profile 1 (WAN1)

VPN Profile 1 (WAN1)

  • Enable Profile and give it a name
  • Under Basic tab, select "Always On" [with this option router automatically initiates the VPN link, it doesn’t need a manual trigger to dial out]
  • Select WAN interface as "WAN1"
  • Set Local IP subnet as 192.168.1.0 / 255.255.255.0
  • Set Remote Host as 80.0.0.2 [WAN1 IP address of Site B Vigor 3900] and configure a pre-shared key
  • Set Remote IP subnet as 192.168.2.0 [LAN subnet of Site B Vigor 3900]
  • Under GRE tab, enable GRE function
  • Set Local GRE IP as 1.1.1.1 and Remote GRE IP as 1.1.1.2

VPN Profile 1 (WAN1)

[GRE IP Addresses can be any IP address of your choice. Just make sure that they do not conflict with any IP subnet routes in the Routing Table.]

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

Go to [VPN and Remote Access] -> [VPN Trunk Management] menu. Here click on Load Balance tab. Here add a Load Balance Pool and select appropriate VPN profiles.

VPN Profiles

Under Load Balance Rule tab, add a rule as shown in below screenshot.

Load Balance Rule

Part 2 : Site B Vigor 3900 Configuration

VPN Profile 1 (WAN1)

VPN Profile 1 (WAN1)

VPN Profile 1 (WAN1)

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

VPN Trunk Management

VPN Trunk Management

VPN Trunk Management

How do you rate this article?

1 1 1 1 1 1 1 1 1 1

Add a comment to this article

In the below box, you can add comments which you consider might be helpful to other users reading this article:

(Will be shown on your comment)
(Optional, Not shown/published)


NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.