How to configure a VPN client/server when the A10 is in the middle performing link balancing (NHLD)
Marlon_Juarez
Hello everyone! I would like to ask for your help. I need to configure a client/server VPN where the client's request comes from the internet and reaches the A10, which balances 3 links (NHLD); the A10 must then send the client's request to the firewall (LAN), which is the VPN server.
Thanks a lot for your help!
Comments
If I'm understanding correctly, the A10 is performing NHLD across 3 links, but for the VPN connections, do you want to send those connections to only 1 particular link? Are we trying to prevent load balancing these client VPN connections?
Hello! Thanks for the answer. The structure is as follows:
Client VPN > 3 links > NHLD > Firewall > LAN
The client wants the VPN requests from Internet clients, regardless of the link, to be sent by the balancer to the FW so that it is the VPN server. Do you consider the request possible?
This should be possible. I'm imagining we may use a unique wildcard VIP + ACL for the VPN destination IP. Could you share a sanitized configuration for review?
At the moment there is no configuration, because it will be a new installation that we will carry out shortly, but I wanted to get ahead by validating whether what the client is requesting is possible.
Do you know any configuration that could help me with this?
There is an NHLD configuration example within the Application Delivery Controller admin guide, as well as an explanation of the configuration elements. One piece I'm curious about is in this flow:
Client VPN > 3 links > NHLD > Firewall > LAN
Are the "client VPN" connections sourcing from the public internet?
Traditionally, NHLD is used to distribute connections from internal clients out to the internet across multiple firewalls or internet links. In your use-case, what function is NHLD performing for connections sourcing from the Internet destined for your private LAN?