Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
270
Views
0
Helpful
1
Replies

Load balancing question.

spodonnell
Level 1
Level 1

‎12-06-2005 02:26 PM - edited ‎03-09-2019 01:16 PM

Is it possible to load balance between two VPN 3k boxes that don't exist in the same logical public subnet?

Labels:
0 Helpful
1 Reply 1

spremkumar
Level 9
Level 9

‎12-07-2005 05:39 AM

Hi

This link does says that all the boxes configured in the virtual cluster must be in same public & private subnets.

Restrictions

These restrictions apply to load-balancing on VPN 3000 Concentrators:

Load-balancing can only occur with Cisco Release 3.x (or later) IPsec VPN Clients-to-LAN connections. Earlier VPN Clients can still connect to their target Ethernet2 (public) port IP address within the cluster.

Note: Load balancing can still work if both VPN Concentrators do not have the same software version loaded on them.

VPN virtual cluster IP address, User Datagram Protocol (UDP) port, and shared secret must be identical on every device in the virtual cluster.

All devices in the virtual cluster must be on the same public and private IP subnets.

A filter has to be applied on both public and private interfaces. The defaults are:

private filter on the private interface

public filter on the public interface

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094b4a.shtml#req

regds

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents