Got 2 VPN 3080 Concentrators (V3.5.3), configured to run load-balance (LB).
When configuring these boxes, it's common to add VCA In & VCA Out rules, both for Private and Public interfaces.
However, for the Private interface, the rules are automatically replaced/overwritten by another set of rules, as follows:
New rules automatically added to the 1st Concentrator's Private Filter
(ip - X.X.X.X):
VCAL2L: Y.Y.Y.Y In (apply IPSec on inbound from Y.Y.Y.Y to X.X.X.X)
VCAL2L: Y.Y.Y.Y Out (apply IPSec on inbound from X.X.X.X to Y.Y.Y.Y)
New rules automatically added to the 2nd Concentrator's Private Filter
(ip - Y.Y.Y.Y):
VCAL2L: X.X.X.X In (apply IPSec on inbound from X.X.X.X to Y.Y.Y.Y)
VCAL2L: X.X.X.X Out (apply IPSec on inbound from Y.Y.Y.Y to X.X.X.X)
Has anyone configured LB before, and experienced similar changes? Need to know why the VPN Concentrators automatically replaced my previous Private Filter rules, and what happened to the previous VCA In & Out rules?
Since these rules are based on IP address, can I generalize them like VCA In & VCA Out, so that they will never be overwritten by the Concentrator again?