Barracuda Link Balancer

How do I Configure IP/Application Routing for Outbound VPN Traffic in Firewall disabled mode?

  • Type: Knowledgebase
  • Date changed: 11 months ago
Solution #00006111

Scope: 

Barracuda Link Balancer, All firmware versions


Answer:

Five rules are needed, one each for GRE, PPTP, NAT-T, ESP and IKE. By default the Link Balancer has three predefined applications (IKE, GRE and PPTP), so custom applications must be created for ESP and NAT-T. This is done under Policy > Applications > Custom Applications.



For ESP, enter the Application Name as ESP, set the Protocol type to ESP and click Add.

For NAT-T, enter the Application Name as NAT-T, set the Protocol type to UDP and the Port Number to 4500.



Once this is configured we will have a list of all the 5 Applications required for configuring routing for outbound VPN Traffic.

We can configure the IP/Application Routing under Policy > Outbound Routing > IP/Application Routing.


1. Enter a unique Rule Name and complete the following condition fields:

--Source IP Address: Enter the IP address (e.g. 10.0.0.1) that is NATed on the firewall behind the Link Balancer

--Source Netmask: Enter a netmask (e.g. 255.255.255.255 if it is a single host, or if it is a set of IP addresses then input the subnet mask accordingly)

--Application: Create 5 different rules and select GRE, PPTP, NAT-T, ESP and IKE respectively

--Destination IP Address: Enter the IP address of the VPN remote gateway

--Destination Netmask: Enter a netmask (e.g. 255.255.255.255 if it is a single host, or if it is a set of IP addresses then input the subnet mask accordingly)


2. Complete the action field to specify what happens if the traffic matches the condition:

--Link Balance: Select No and then select a Primary and a Backup link. (At any given time, all traffic for the 5 applications mentioned above must go out of a single WAN link and retain the same IP address.)



Primary Link:

Default: Outgoing traffic is directed to the WAN link that is on the same subnet.

Or, select a specific link from the list to bind the traffic to that link. 



Backup Link:

None: Drop this traffic if the primary link is not available.

Or, select a specific link from the list to bind the traffic to that link. 



NAT: Clear the check box to maintain the original source IP address if there is no Backup Link. If there is a Backup Link, check the NAT option and then add Source Network Translation rules for all 5 applications to retain the original source IP address, which is the NATed IP address on the firewall behind the Link Balancer.



3. Click Add



Note:

The rules in the IP/Application Routing table appear in execution order, from top to bottom. New rules are added to the bottom of the table but the rule order can be changed by using the arrows on the right side of the table. Only the first rule that matches the profile of the traffic is executed.
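The first-match behaviour in the note above can undo the single-link requirement if a broader rule sits above one of the five VPN rules. The following Python sketch is an added example, not Barracuda code or an export of the appliance's configuration: it models a rule table with the condition and action fields described above and checks that all five applications from the source host to the VPN gateway resolve to the same primary link. The rule names, the link names WAN1 and WAN2, the gateway address 203.0.113.10 and the broader "lan-esp" rule are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

VPN_APPS = ("GRE", "PPTP", "NAT-T", "ESP", "IKE")

@dataclass
class Rule:
    name: str
    src: str            # "address/netmask", as entered in the condition fields
    app: str
    dst: str            # "address/netmask" of the destination
    link_balance: bool  # False models "Link Balance: No"
    primary: str        # name of the primary link

    def matches(self, src_ip, app, dst_ip):
        return (app == self.app
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def first_match(table, src_ip, app, dst_ip):
    """Return the first rule, top to bottom, that matches; None if none does."""
    return next((r for r in table if r.matches(src_ip, app, dst_ip)), None)

def audit_vpn(table, src_ip, gateway_ip):
    """List reasons the five VPN applications would not leave on one pinned link."""
    problems, links = [], set()
    for app in VPN_APPS:
        rule = first_match(table, src_ip, app, gateway_ip)
        if rule is None:
            problems.append(f"{app}: no rule matches")
        elif rule.link_balance:
            problems.append(f"{app}: rule '{rule.name}' has Link Balance enabled")
        else:
            links.add(rule.primary)
    if len(links) > 1:
        problems.append(f"primary links differ: {sorted(links)}")
    return problems

# Constructed sample table: firewall NAT address 10.0.0.1, remote gateway 203.0.113.10.
HOST, GW = "10.0.0.1/255.255.255.255", "203.0.113.10/255.255.255.255"
vpn_rules = [Rule(f"vpn-{a.lower()}", HOST, a, GW, False, "WAN1") for a in VPN_APPS]
# Constructed broader rule: ESP from the whole LAN to any destination, bound to WAN2.
lan_esp = Rule("lan-esp", "10.0.0.0/255.255.255.0", "ESP", "0.0.0.0/0", False, "WAN2")

shadowed = [lan_esp] + vpn_rules  # broad rule above the host rules: ESP leaves on WAN2
ordered = vpn_rules + [lan_esp]   # host rules first: all five applications use WAN1

if __name__ == "__main__":
    print(audit_vpn(shadowed, "10.0.0.1", "203.0.113.10"))
    print(audit_vpn(ordered, "10.0.0.1", "203.0.113.10"))
```

In the shadowed table IKE is routed through WAN1 while ESP is routed through WAN2, so the tunnel's key exchange and its data traffic reach the gateway from different addresses; moving the host-specific rules above the broad rule clears the finding.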

