This guide will show you how to configure VPN load balance between two DrayTek routers. In the example we use the Vigor3900 as the Head Office router and the Vigor3200 as the Branch office router.
|
Head Office (Vigor3900) |
Branch Office (Vigor3200) |
||
|
WAN1: 10.10.10.1 |
GRE: 10.0.0.1 |
WAN1: 10.10.10.2 |
GRE: 10.0.0.2 |
|
WAN2: 10.10.1.1 |
GRE: 10.0.0.3 |
WAN2: 10.10.1.2 |
GRE: 10.0.0.4 |
|
LAN IP: 192.168.1.1 |
LAN IP: 192.168.10.1 |
||
For VPN load balance configuration we will need to enable GRE over IPSec VPN in both the Head Office router and the Branch Office router.
Head Office Router Configuration
Step 1: Set up two IPSec VPN profiles on Vigor3900
Go to VPN and Remote Access>>LAN to LAN configuration menu.
Click on Add to add a VPN profile
On the next page enter the required details. Here we enable this profile (VPN1) and select “always on”. Enter the required details as shown in the diagram below
Leave “Advanced” settings at default values.
Enter GRE settings
Enter IKE Proposal Settings
Repeat the above procedure for second VPN profile (VPN2)
VPN2 GRE Settings
VPN1 and VPN2 Configured
Step 2: Configure VPN Load Balance
Go to VPN and Remote Access>>VPN Trunk Management configuration menu.
Select Load Balance Pool and click on Add to add a VPN Load Balance Pool profile
Create Profile (Pool1) and click apply
After profile created, Select profile “Pool1” and click on Edit to configure this profile.
Select Load Balance Tab and select two VPN profiles (VPN1 and VPN2) for Interface.
Click Apply to save
Select Load Balance Rule Tab and click on Add
Enter required details, Select Load Balance Pool created in previous step and Click on Apply.
Load Balance rule now created.
Remote Office Router Configuration
Step 1: Set up two IPSec VPN profiles on Vigor3200
VPN1 Configuration
Go to VPN and Remote Access>>LAN to LAN configuration menu.
Click on the first index to add a VPN profile.
Enter the required details:
-
- Enable VPN Profile and give it a name.
- Set to Dial-Out and Always on
- Select Dial-Out Settings to IPsec Tunnel
- Enter IKE Pre-Shared Key for IKE Authentication Method
- Select High (ESP) DES Without Authentication for IPsec Security Method
- In GRE over IPsec Settings Enable IPsec Dial-Out function GRE over IPsec and enter GRE IP addresses
- In TCP/IP Network Settings section enter the remote and local IP address details.
VPN2 Configuration
Repeat the steps for VPN1 configuration but configure for WAN2 using WAN2 details.
Step 2: Configure VPN Load Balance
Go to VPN and Remote Access >> VPN TRUNK Management configuration menu.
- Under General Setup menu select the two VPN profiles and assign them to Member 1 and Member 2.
- Select Enable for Status and select Load Balance for Active Mode.
- Then Click [Add]
You should now see the VPN trunk listed under Load Balance Profile List as shown below:
Now Go to VPN and Remote Access >> Connection Management configuration menu, you will see the VPN tunnels are up and running in Load Balance mode.
