kadey
New Member
March 12, 2020
Question

IPSec tunnel aggregation...


I'm trying to set up an aggregated site-to-site IPsec tunnel to take advantage of load balancing/redundant WANs. The purpose of the tunnel is to export NetFlow to a remote collector, using VIPs as the source and destination of the NetFlow. The problem I'm running into is I cannot define more than one VIP with the same external address (the destination address from the remote end's perspective). Can an aggregated tunnel on one end use just a single end-point on the other end, or do I absolutely need two tunnels on each end? Thanks.

 


    Toshi_Esumi
    SuperUser
    March 12, 2020

    Did you set different values either on "src-filter" or on "service" for two VIPs with the same "extip"?

    kadey (Author)
    New Member
    March 13, 2020

    No. I want the VIPs to handle the same traffic, just coming from different interfaces.

     

    Toshi_Esumi
    SuperUser
    March 13, 2020

    Physical (sounds odd though) tunnels are separated in an IPsec aggregate. But the tunnel interface you use for policy and routing, including VIPs, is only one on both ends. In other words, it works as one single tunnel interface.