We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Network Access Client

How to Configure Connection Fallback using Multiple VPN Gateways

  • Last updated on

Configure the Barracuda VPN Client for Windows to silently switch to fallback VPN gateways when a VPN gateway is not reachable, such as when the client is used in different corporate networks or geographic locations. A working VPN connection is always available and the appropriate gateway is automatically selected. The client will automatically start with the last connected profile in the fallback chain when it tries to establish a connection.

Example Scenario

In this example, three VPN profiles are used to connect to a corresponding gateway into the company network:

  • externalvpn.mycompany.com – The gateway to be used when the client is not connected to a corporate network.
  • hqvpn – The gateway to be used within the company HQ network.
  • branchvpn – The gateway to be used within a branch office network.

These VPN profiles are configured as part of a fallback chain that will be used by the VPN client to find the appropriate gateway. You can initiate a VPN connection using the hqvpn profile that is set as the default VPN profile. If necessary, the VPN client will try each configured VPN profile in the fallback chain until it can establish a connection.

vpn_fallback.png

Fallback chain:

fallback_chain.png

Configure the VPN Profiles

Configure the VPN profiles for the three gateways as shown in the example scenario.

Step 1. Set up the VPN Gateways

Create a VPN profile for each of the three VPN gateways.

  1. In the Barracuda VPN Client window, Select New Profile
  2. In the Server Address field, enter the IP address or host name of the first gateway. E.g.: externalvpn.mycompany.com
  3. Set Remember Credentials to Username so that the client will reconnect to this server without prompting users for their username.
  4. Select your Authentication Method:
    • If you choose User Name/Password, you must configure additional settings to save the password locally if you do not want the client to constantly prompt users for a password when changing gateways.
    • To automatically reconnect in the background, select X509 or Barracuda License.

    For more information on configuring a profile and choosing the correct authentication method, see How to Create VPN Profiles.

  5. Configure the two remaining profiles with your respective parameters. The two remaining profiles used in the example scenario are named hqvpn and branchvpn, and they point to identically named VPN servers.

Step 2. Configure externalvpn.mycompany.com
  1. In the Barracuda VPN Client window, right-click the externalvpn.mycompany.com entry and select Edit. The Edit Current User VPN Profile window opens.
  2. Click the Connect/Reconnect tab.
  3. In the Connect section, enable Always use fastest VPN server. This setting ensures that the client will always use the fastest available gateway.
  4. In the Reconnect section, enable Fast Reconnect.
  5. In the same section, set Fallback Profile to hqvpn.
    With this option set, the next gateway in the chain will be tried if the primary gateway is not reachable.
  6. Because the externalvpn.mycompany.com gateway is used when the client is not connected to the company network, you should disable it in the company network.
  7. Although the external URL of a company's VPN server should not be reachable from within a cleanly configured company network, you can accelerate the switch to the next fallback profile by enabling the client to detect the company's Active Directory (AD) service:
    1. Click the Advanced tab.
    2. In the Active Directory section, configure the following settings:
      • Set Enable Active Directory Probing to Yes.
      • In the Active Directory Probing Hosts field, you can enter one or more known IP addresses for the MSAD service to help the client quickly detect the AD service.
  8. Click Save.

  9. In the VPN Client window, click the settings icon on the top left to open the VPN Settings panel.
    settings_icon.png

  10. In the User Interface Settings section, configure the following settings:

  11. To disable the informational pop-up window that displays connection status changes, set Show Toast Notifications to No.

Step 3. Configure hqvpn

Configure the hqvpn profile with the same settings as the external profile, with these three exceptions:

  1. In the Reconnect section, set Fallback Profile to branchvpn. This way, the branch network's VPN gateway is defined to be the next gateway in the chain.
  2. Set Enable Active Directory Probing to No.

Step 4. Configure branchvpn

Configure the branchvpn profile with the same settings as the hqvpn profile, with these two exceptions:

  • In the Reconnect section, set Fallback Profile to externalvpn.mycompany.com. This closes the fallback chain so that the external VPN gateway will be tried next if none of the company's internal VPN gateways is reachable. 
Last updated on