It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Link Balancer

How can I configure my Barracuda Link Balancer as a VPN endpoint?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00004028

All Barracuda Link Balancers, firmware version 1.1.019 and above.

A VPN tunnel can be created between two Barracuda Link Balancers or between a Barracuda Link Balancer and another device that supports IPsec. 

To configure the Barracuda Link Balancer as a VPN endpoint, go to the Services > VPN page and click the Add New VPN Tunnel button. In the New VPN Tunnel section of the pop-up window that appears, enter the Name of the new tunnel for idetification, and the Primary Link and Backup Link the new VPN connection will be using, Next, enter the Primary Remote Gateway and Backup Remote Gateway, which is the hostname or IP address of the primary and backup VPN endpoints. The Remote Nework entry will require the IP addresses of the remote subnets that are reachable when using the new tunnel. Once an IP and Netmask are entered, click on the Add button to submit the configuration infomatiion, and add any addtional IP and subnet information as needed. Select to Enable or Disable the new VPN tunnel once created in the VPN Status section.

In the Security Policies section, you will need to choose the IPsec Keying Mode used for encryption. If the Shared Secret IPsec Keying Mode is selected, you will need to enter the same shared secret being used on the remote endpoint. If the Trusted Certificate is selected, select the proper local and remote SSL certificate to use for authentication certificate list box. You will need to upload the trusted local certificate to the Link Balancer via the Advanced > Certificates page in the Upload Certificate section. You will also need to upload the CA certficiate for the remote endpoint to the local Link Balancer via the Adavnced > Certificates page in the New Trusted CA Certificate section.

Finally, enter the Encryption, Authentication, D-H Group (Diffie-Hellman key exchange) details of the new VPN tunnel, and the Lifetime of the policy in minutes for the IPsec Key Exchange Policy Phase 1 and IPsec Key Exchange Policy Phase 2, or leave them at their default values. Make sure the settings here are in sync with those on the other end of the tunnel. Any matches whatever the endpoint uses. If you choose one of the other options, make sure the remote endpoint is using the same options.

Once the VPN tunnel is created, the VPN Logs table shows all information logged about the tunnel status. Click the refresh button on your browser to see the most recent messages. When the log exceeds a predetermined size it is removed and a new log is started.

Additional Notes:

  • When creating the tunnel or modifying its parameters, ensure that the settings are correct and in sync on both ends.
  • For testing purposes, start with a shared secret on both endpoints. Using certificates is recommended in a production environment.
  • The Link Balancer only supports Site to Site VPN

Link to This Page: