bmekler
New Member
June 30, 2017
Question

5.4.5, SSLVPN full tunnel mode and virtual-wan-link


I'm trying to consolidate several WAN links on a 100D running 5.4.5 into a WAN LLB link, and there is a problem: we're using SSL VPN full tunnel mode (not split tunnel) and there does not appear to be a way to create an ssl.root -> virtual-wan-link policy; selecting one removes the other from the selection options. Is there some prerequisite for this that I'm missing, or are WAN LLB and SSL full tunnel modes currently incompatible?

1 reply

topetry
New Member
July 5, 2017

Yesterday I was running into the same thing. To create the WAN LLB interface I had to free up our 2 WAN interfaces, so I replaced them with an unused interface in all policies. After this I created the WAN LLB interface and reassigned it to the policies. The redundant internet connection was working as expected, but I couldn't assign the WAN LLB interface or one of the two physical WAN interfaces to the SSL.root<->WAN policy. After this I rolled back. I'm also using 5.4.5 and now I'm also questioning if these 2 features (WAN LLB and SSL VPN) are incompatible (within the same vdom)?

bmekler
New Member
July 5, 2017

I opened a ticket with support and they told me as much. I suppose I'll have to use zones when I need full tunnel VPN, same way I did before they added WAN LLB in 5.2.

Sunil_Panchal_NSE7
New Member
July 5, 2017

Dear friends,

WAN load balance and SSL VPN are two different technologies. In WAN load balancing you are going out with different public IPs because you have merged all WANs to get redundant internet, and the WAN connection is terminated on your firewall with gateway and static routes.

But in SSL VPN you first find the public IP, then you log in using credentials.

You can merge WAN IPs from outside to use that service. Per WAN port, a separate SSL link needs to be created.

Maybe FortiOS 5.6 can help you with that.

Best regards