Load Balancing VPN Connection
Hi,
I have a client who wishes to load balance an IPSEC VPN connection from an external computer two one of two servers behind an F5 LTM. The client wants the connection to connect to the primary server and when that fails redirect all new attempts to the backup until the primary recovers, if possible this should be done without interruption to the connection but i appreciate the backup will have no idea of the connection before it is switched and so a new tunnel would have to be established.
I've looked on the knowledgebase and can see there are options to use the F5 as the tunnel termination point and also the F5 can act as just an IP Forwarder. The client wants encryption to the servers but doesn't mind if the F5 is the endpoint and then establishes another tunnel to the backend servers.
My questions are :
- Has anyone done this before and if so what is the best approach ?
- How does the load balancing work between the servers (is this just persistence with a health monitor ) ?
Thanks.