NotMine
Explorer III
May 5, 2016
Solved

WAN Link Load Balancing + Dial-Up IPsec VPN = A Mess

Hello everyone, it's been a while since I've visited this place.

 

I have a strange problem (or a couple of them.....) and I hope someone will be able to help me understand what's causing them. I have 3 Internet connections on a FGT-500D. Two ADSL lines are joined in a WAN Link Load Balancing (LLB) interface. This WAN LLB interface is my default static route to the Internet. The third Internet connection has a static IP, and I'm trying to use it as a VPN endpoint for dial-up VPN clients. The first issue I'm facing is that I cannot add another default static route (with different priority) when a static default route is already entered via WAN LLB. I get an error message "A duplicate entry is found". Two or more static default routes are usually possible to be entered, when there's no WAN LLB.

 

I've tried correcting the problem with Policy Based Routing, but it's simply not working. Here's some IKE debug output (larger image):

 

Any ideas?

ede_pfau
SuperUser
Answer
May 6, 2016

Trying to be pragmatic: discard the WAN LLB and build 2 ECMP def.routes plus one with higher priority. Remember: "priority" = "cost".

(of course, no fun on a production FGT)
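
The route layout suggested in the answer above, as an added FortiOS CLI sketch that is not part of the original thread. Interface names and gateway addresses are assumed placeholders (documentation ranges); all three default routes share one distance so they are all installed, and the third carries a higher priority value so it stays in the routing table without being preferred for ordinary outbound traffic.

```fortios
# Constructed sketch: interface names and gateways are placeholders.
# The "#" lines are annotations for the reader.
config router static
    edit 1
        # ADSL line 1: default route (dst defaults to 0.0.0.0/0)
        set device "wan1"
        set gateway 192.0.2.1
        set distance 10
        set priority 0
    next
    edit 2
        # ADSL line 2: same distance and priority as entry 1 -> ECMP pair
        set device "wan2"
        set gateway 198.51.100.1
        set distance 10
        set priority 0
    next
    edit 3
        # Static-IP link for dial-up IPsec: same distance so the route is
        # installed, higher priority value (= cost) so it is not preferred
        set device "port3"
        set gateway 203.0.113.1
        set distance 10
        set priority 10
    next
end
```

`get router info routing-table all` should then list all three default routes; if the third is missing, its distance differs from the other two.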

NotMine
Author
Explorer III
May 18, 2016

Thank you Ede,

 

I've done exactly that. I guess WAN Link Load Balancing is meant for simple point-and-click scenarios and should be avoided in larger environments.

 

Cheers!

Slavko