Load Balancing of Always On VPN


 

Configuration has yet to be fully verified; Kemp Support will gladly assist if your AppSense traffic is not flowing as expected.

 

1   Introduction

Windows 10 Always On VPN is the replacement for Microsoft’s DirectAccess remote access solution. Always On VPN works in much the same way as DirectAccess, providing seamless, transparent, and always-on remote access. Under the covers it uses traditional client-based VPN protocols such as Internet Key Exchange version 2 (IKEv2) and Secure Socket Tunneling Protocol (SSTP).

 

1.2  Document Purpose

This section details a configuration for a specific application that has been provided by a customer but has yet to be fully tested.

The purpose of this document is to give readers an overview of the recommended best practice settings when configuring the Always On VPN components for load balancing.

Configuration has yet to be fully verified, but Kemp Support will gladly assist if Always On traffic is not flowing as expected.

 

2  Configuration Required

Two Virtual Services are required: one listening on port 500 for Connection and one for Session on port 7751. Both use the UDP protocol.

 2.1 Global Configuration  

     >No Changes Required

 

2.2  Virtual Service Configuration:

 

2.3   AlwaysOnVPN

      > New Virtual Service

      > Enter IP Address

      > Port = 500

      > Name = AlwaysOnVPN     

> Add New Virtual Service



 2.4    Standard Options   

      > Disable Transparency

      > Subnet Originating Request = Enable

      >  Persistence = Source IP 

      >  Persistence Time = 1hr  

      > Scheduling Method = Least Connection

      >  Idle Connection Timeout = 660  (Default)

 


 2.5   Advanced Properties

      > Port Following = Select the UDP VS on Port 4500



   2.6   Real Servers

      > Add New 

      > Enter IP Address

      > Port = 500

      > Checker Parameter Type = ICMP 

      > Enable Enhanced Options - Leave 1 Server as Minimum

      > Under Healthcheck On = Healthcheck on Self

 



 3.1    AlwaysOnVPN_Session Virtual Service

      > New Virtual Service

      > Enter IP Address

      > Port = 4500

      > Name = AlwaysOnVPN_Session

> Add New Virtual Service



3.2    Standard Options   

      > Disable Transparency

      > Subnet Originating Request = Enable

      >  Persistence = Source IP 

      >  Persistence Time = 1hr  

      > Scheduling Method = Least Connection

      >  Idle Connection Timeout = 660  (Default)

 

 3.3   Advanced Properties

      > Port Following = Select the UDP VS on Port 500



  3.4  Real Servers

      > Add New 

      > Enter IP Address

      > Port = 4500

      > Enable Enhanced Options - Leave 1 Server as Minimum

      > Under Healthcheck On = Healthcheck on the RS IP on port 500
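
The two Virtual Services only work as a pair: each must follow the other's port and carry the same standard options, so drift in one of them is worth checking for after any change. The following is an added example, not Kemp code: a small Python lint over a hand-written description of both services, using the values from sections 2.3 to 3.4. The dictionary layout, the `lint` and `sample` names, the 10.0.0.x addresses, and the check that both services share the same real servers are assumptions made for illustration.

```python
# Added example; the dict layout is hypothetical, not a LoadMaster export format.
EXPECTED = {  # values from sections 2.4 and 3.2 of this page
    "protocol": "udp", "transparency": False, "subnet_originating": True,
    "persistence": "source-ip", "persistence_seconds": 3600,
    "scheduling": "least-connection", "idle_timeout": 660,
}
PORTS = {500, 4500}  # the two Virtual Service ports from sections 2.3 and 3.1


def lint(services):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    by_port = {vs["port"]: vs for vs in services}
    for port in sorted(PORTS - set(by_port)):
        findings.append(f"missing virtual service on UDP {port}")
    for port, vs in sorted(by_port.items()):
        if port not in PORTS:
            findings.append(f"{vs['name']}: unexpected port {port}")
            continue
        for key, want in EXPECTED.items():
            if vs.get(key) != want:
                findings.append(f"{vs['name']}: {key}={vs.get(key)!r}, expected {want!r}")
        other = (PORTS - {port}).pop()
        if vs.get("port_following") != other:
            findings.append(f"{vs['name']}: port following must point at UDP {other}")
        for rs_ip, rs_port in vs.get("real_servers", []):
            if rs_port != port:
                findings.append(f"{vs['name']}: real server {rs_ip} uses port {rs_port}")
    if PORTS <= set(by_port):
        # Assumption: port following needs the same real servers behind both services.
        a, b = ({ip for ip, _ in by_port[p].get("real_servers", [])} for p in sorted(PORTS))
        if a != b:
            findings.append("real server pools differ between UDP 500 and UDP 4500")
    return findings


def sample(name, port, follow, servers):
    """Build constructed sample data with every standard option set as expected."""
    return dict(EXPECTED, name=name, port=port, port_following=follow,
                real_servers=[(ip, port) for ip in servers])


GOOD = [sample("AlwaysOnVPN", 500, 4500, ["10.0.0.11", "10.0.0.12"]),
        sample("AlwaysOnVPN_Session", 4500, 500, ["10.0.0.11", "10.0.0.12"])]

if __name__ == "__main__":
    for line in lint(GOOD) or ["consistent"]:
        print(line)
```
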




If you have successfully load balanced your Always On VPN environment by implementing this specific configuration, please give a thumbs up, or leave a comment on any alteration that was required to make it function. Thank you.
