V. VPN (Virtual Private Networking)

Vigor 3900 VPN Trunk

Products:
Vigor 3900
Vigor 2960
Keywords:
2960
GRE
VPN Load Balance
VPN Trunk

VPN Trunks offer a way of creating multiple site-to-site VPN tunnels between the same two subnet, the advantage of doing this is that the VPN trunk can provide both load balancing and redundancy.

If there are multiple WAN connections available then one VPN tunnel could be created on each WAN to maximise the bandwidth available for the VPN trunk. Even if one of the sites has a single WAN link, a one-to-many VPN trunk can be created to take advantage of the multiple connections at the multi-wan site.

The Vigor 3900 offers Load Balance and Failover modes. This guide covers the setup of a load balanced VPN trunk between two Vigor 3900 routers, with each router having two WAN interfaces.

VPN Trunk

Consider a scenario as per the above image, Vigor 3900s on Site A and Site B have two WAN connections and there are two IPSec VPN links through each WAN port.

Site A Vigor 3900

LAN : 192.168.1.0/24
WAN1 : 80.0.0.1
WAN2 : 90.0.0.1

Site B Vigor3900

LAN : 192.168.2.0/24
WAN1 : 80.0.0.2
WAN3 : 90.0.0.2

Part 1: Site A Vigor 3900 Configuration

Go to [VPN and Remote Access] - > [VPN Profiles] menu. Here add two VPN profiles for WAN1 and WAN2 each.

VPN Profile 1 (WAN1)

VPN Profile 1 (WAN1)

  • Enable Profile and give it a name
  • Under Basic tab, select "Always On" [with this option router automatically initiates the VPN link, it doesn’t need a manual trigger to dial out]
  • Select WAN interface as "WAN1"
  • Set Local IP subnet as 192.168.1.0 / 255.255.255.0
  • Set Remote Host as 80.0.0.2 [WAN1 IP address of Site B Vigor 3900] and configure a pre-shared key
  • Set Remote IP subnet as 192.168.2.0 [LAN subnet of Site B Vigor 3900]
  • Under GRE tab, enable GRE function
  • Set Local GRE IP as 1.1.1.1 and Remote GRE IP as 1.1.1.2

VPN Profile 1 (WAN1)

[GRE IP Addresses can be any IP address of your choice. Just make sure that they do not conflict with any IP subnet routes in the Routing Table.]

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

Go to [VPN and Remote Access] -> [VPN Trunk Management] menu. Here click on Load Balance tab. Here add a Load Balance Pool and select appropriate VPN profiles.

VPN Profiles

Under Load Balance Rule tab, add a rule as shown in below screenshot.

Load Balance Rule

Part 2 : Site B Vigor 3900 Configuration

VPN Profile 1 (WAN1)

VPN Profile 1 (WAN1)

VPN Profile 1 (WAN1)

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

VPN Profile 2 (WAN2)

VPN Trunk Management

VPN Trunk Management

VPN Trunk Management

How do you rate this article?

1 1 1 1 1 1 1 1 1 1

First Published: 18/09/2013
Last Updated: 04/04/2017