Specifications

Chapter 3: Configuring the Barracuda Link Balancer
Failover and Failback
When configuring a tunnel you can specify a primary and a backup link. If the primary link fails, the
tunnel will be reestablished using the backup link. When the primary link is restored, the tunnel will
automatically fail back to use the primary link.
VPN Tunnel as Failover Link for a Broken Site-to-Site WAN Link
A VPN tunnel can be configured to act as a failover link replacing a temporarily broken WAN link.
To use this feature, two Barracuda Link Balancers with disabled firewalls are required in the
networks that are to be connected through the failover tunnel. Both Barracuda Link Balancers
must be configured to act as failover WAN endpoints.
To activate the WAN failover, you must select the respective option in the VPN Status configuration
item of a VPN connection on both Barracuda Link Balancers in order to enable the failover tunnel for
WAN1 (or, respectively, one of the other interfaces). If the WAN link fails, the VPN connection will
then be activated. When the WAN link is restored, the VPN connection will no longer be used.
To use this feature, perform the following configuration tasks:
1. Add an IP/APP rule to send all site-to-site traffic via the WAN link and use the VPN as failover
for this traffic.
2. Add an IP/APP rule to send all remaining traffic via any WAN link, without expecting this traffic
to fail over to the VPN.
Configure the IP/APP rules as described below to allow this to happen:
IP/APP rule #1: Src 192.168.17.0/24, App *, Dst 172.16.1.0/24, LB No, use MPLS, no Backup, no NAT
IP/APP rule #2: Src 192.168.17.0/24, App Ping, Dst 172.16.1.0/24, LB No, use MPLS, no Backup, no NAT
IP/APP rule #3: Src 0.0.0.0/0, App *, Dst 0.0.0.0/0, LB No, use DSL, no Backup, NAT yes
IP/APP rule #4: Src 0.0.0.0/0, App Ping, Dst 0.0.0.0/0, LB No, use DSL, no Backup, NAT yes
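The four rules above, run through a small Python model to show which link a flow takes and whether any rule is shadowed. This is an added example, not Barracuda documentation or product code. It assumes rules are evaluated top to bottom with the first match winning and that the App field is compared as written ("*" and "Ping" as separate classes); parse_rules, select_rule and shadowed_rules are hypothetical helper names.

```python
import ipaddress
import re

# The four IP/APP rules from this page, one per line, in the listed order.
RULES_TEXT = """\
Src 192.168.17.0/24, App *, Dst 172.16.1.0/24, LB No, use MPLS, no Backup, no NAT
Src 192.168.17.0/24, App Ping, Dst 172.16.1.0/24, LB No, use MPLS, no Backup, no NAT
Src 0.0.0.0/0, App *, Dst 0.0.0.0/0, LB No, use DSL, no Backup, NAT yes
Src 0.0.0.0/0, App Ping, Dst 0.0.0.0/0, LB No, use DSL, no Backup, NAT yes
"""

RULE_RE = re.compile(
    r"Src (?P<src>\S+), App (?P<app>\S+), Dst (?P<dst>\S+), LB \w+, "
    r"use (?P<link>\w+), no Backup, (?P<nat>no NAT|NAT yes)")

def parse_rules(text):
    """Parse rule lines written in the form used on this page."""
    rules = []
    for number, line in enumerate(text.splitlines(), start=1):
        m = RULE_RE.fullmatch(line.strip())
        if m is None:
            raise ValueError(f"rule #{number} is not in the expected form: {line!r}")
        rules.append({
            "number": number, "app": m["app"], "link": m["link"],
            "src": ipaddress.ip_network(m["src"]),
            "dst": ipaddress.ip_network(m["dst"]),
            "nat": m["nat"] == "NAT yes",
        })
    return rules

def select_rule(rules, src, dst, app):
    """Return the first rule covering the flow (assumed first-match order)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["app"] == app and src in rule["src"] and dst in rule["dst"]:
            return rule
    return None

def shadowed_rules(rules):
    """Numbers of rules fully covered by an earlier rule for the same App."""
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier["app"] == rule["app"]
                    and rule["src"].subnet_of(earlier["src"])
                    and rule["dst"].subnet_of(earlier["dst"])):
                shadowed.append(rule["number"])
                break
    return shadowed
```

Under the stated first-match assumption, placing the 0.0.0.0/0 rules ahead of the site-to-site rules shadows rules #1 and #2, so site-to-site traffic would be selected for DSL with NAT instead of MPLS.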
Troubleshooting a VPN Tunnel
If the Barracuda Link Balancer is unable to establish a tunnel, you may be able to discover the
problem by checking the following:
• On the Logs > VPN Log page, check the VPN Log to see if anything has been logged about the
cause of the failure.
• On the Services > VPN page, click Edit next to the tunnel entry to view the tunnel parameters.
Check that the security and authentication values match the tunnel parameters of the other end
of the tunnel.
• Check the link status using the Basic > Status page.
Note: External firewalls must be configured properly to allow the VPN failover tunnel.