All Barracuda Link Balancers, firmware version 1.1.015 and above.
VPN tunneling involves establishing and maintaining a logical network connection. A VPN tunnel can be created from the Services > VPN page of the Barracuda Link Balancer, either between two Barracuda Link Balancers or between a Barracuda Link Balancer and another device that supports IPsec.
To add a new VPN tunnel:
- Click Add New VPN tunnel. A pop-up window appears.
- In the VPN Tunnel section of the pop-up window, fill in the required VPN connection information:
  - Name - Identifier for the VPN tunnel
  - Primary Link - The primary link used for the local VPN connection
  - Backup Link - The backup link used for the local VPN connection
  - Primary Remote Gateway - The corresponding link end point used on the remote VPN client
  - Backup Remote Gateway - The corresponding link end point used on the remote VPN client
  - Remote Network - The IP or subnet and subnet mask of the remote network that will be connecting to the local network via VPN
  - VPN Status - Select Enable to cause the tunnel to be opened. Select Disable to close the tunnel.
- In the Security Policies section:
  - IPSec Keying Mode - Choose the mode to use for encryption. If you choose Shared Secret, enter a password in the Shared Secret field. If you want to use a self-signed or Third Party SSL Certificate, upload the certificate to the Barracuda Link Balancer using the Advanced > Certificates page. Uploaded certificates appear in the Certificates list box. Select the one to use.
  - IPSec Key Exchange Policy Phase 1 and Phase 2 - Optional settings for secure key exchange. These settings must match the settings on the other end of the tunnel.
    - Encryption - Choose the encryption algorithm.
    - Authentication - Select the authentication mechanism to be used.
    - DH Group - Select the Diffie-Hellman group to use. The Diffie-Hellman group is used to determine the length of the base prime numbers used during the key exchange process.
    - Lifetime - Enter how often, in minutes, this security policy needs to be renegotiated.
- Click Add at the bottom of the pop-up window.
The VPN Logs table shows all information logged about the tunnel status. Click the refresh button on your browser to see the most recent messages. When the log exceeds a predetermined size it is removed and a new log is started.
Troubleshooting Broken Tunnels
- Check the VPN Logs table to see if there is information about the cause of the failure.
- Click Edit to view the tunnel parameters. Check that the security and authentication parameters match the tunnel parameters of the other end point.
- Use the tools on the Advanced > Troubleshooting page to ping the remote gateway and perform other diagnostics on the network connection.
When tunnel parameters are edited, the Barracuda Link Balancer destroys the tunnel and then reestablishes it with the new configuration settings after the changes are saved. If successful, the restart should take only a short amount of time; clients using the tunnel should not experience any data loss.
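The parameter comparison from the troubleshooting steps can be scripted once both ends' settings are written down. The following is an added Python example, not Barracuda code or an export format: the dictionary layout, the field names, and all sample addresses, algorithms and secrets are constructed for illustration.

```python
import hmac
import ipaddress

# Phase 1 / Phase 2 fields that must match on both ends (key names are hypothetical).
POLICY_FIELDS = ("encryption", "authentication", "dh_group", "lifetime_min")

def compare_tunnel_ends(a, b):
    """List mismatches between two hand-transcribed tunnel definitions."""
    problems = []
    # Each side's remote gateway must be the other side's local link address.
    for role in ("primary", "backup"):
        for near, far, nn, fn in ((a, b, "A", "B"), (b, a, "B", "A")):
            gw, link = near.get(f"{role}_remote_gateway"), far.get(f"{role}_link")
            if gw is None and link is None:
                continue  # no backup configured on this pair
            if None in (gw, link) or ipaddress.ip_address(gw) != ipaddress.ip_address(link):
                problems.append(f"{nn} {role} remote gateway {gw} != {fn} {role} link {link}")
    if a["keying_mode"] != b["keying_mode"]:
        problems.append("keying mode differs")
    elif a["keying_mode"] == "shared_secret" and not hmac.compare_digest(
            a["shared_secret"].encode(), b["shared_secret"].encode()):
        problems.append("shared secret differs")  # the secret itself is never printed
    # Phase 1 and Phase 2 settings must be identical on both ends.
    for phase in ("phase1", "phase2"):
        for field in POLICY_FIELDS:
            if a[phase][field] != b[phase][field]:
                problems.append(f"{phase} {field}: A={a[phase][field]} B={b[phase][field]}")
    # Remote networks must be valid subnets (ValueError otherwise) and must not overlap.
    nets = [ipaddress.ip_network(x["remote_network"], strict=True) for x in (a, b)]
    if nets[0].overlaps(nets[1]):
        problems.append(f"remote networks overlap: {nets[0]} and {nets[1]}")
    return problems

# Constructed sample values (documentation address ranges), not real devices.
POLICY = {"encryption": "AES-256", "authentication": "SHA-256", "dh_group": 14, "lifetime_min": 60}
SITE_A = {"primary_link": "198.51.100.10", "primary_remote_gateway": "203.0.113.20",
          "remote_network": "10.2.0.0/24", "keying_mode": "shared_secret",
          "shared_secret": "constructed-example-secret",
          "phase1": dict(POLICY), "phase2": dict(POLICY)}
SITE_B = {"primary_link": "203.0.113.20", "primary_remote_gateway": "198.51.100.10",
          "remote_network": "10.1.0.0/24", "keying_mode": "shared_secret",
          "shared_secret": "constructed-example-secret",
          "phase1": dict(POLICY), "phase2": dict(POLICY, lifetime_min=480)}

if __name__ == "__main__":
    for line in compare_tunnel_ends(SITE_A, SITE_B) or ["no mismatches found"]:
        print(line)
```

Fill the two dictionaries from each device's Edit view; the algorithm names used here are sample labels and may not match the options the device offers.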