
Firewall HotBrick LB-2 VPN or VPN 800/2
How To
How to set up VPN Failover on the LB-2 VPN or VPN 800/2

How to Establish VPN Failover using the LB2 VPN or VPN 800/2
This document describes a scenario for testing the VPN Redundancy (or Failover) feature of
the LB2 VPN (with or without requiring a license key) and the VPN 800/2.
What is VPN Redundancy?
VPN Redundancy is similar to the Connection Failover feature on the LB2 VPN and VPN
800/2. The purpose of VPN Redundancy is to provide an automatic backup connection for VPN
traffic.
This is different from just building two VPN tunnels simultaneously, because having 2
concurrent VPNs doesn’t mean that redundancy is present. Redundancy means there is a
backup VPN tunnel for the active tunnel. If the active tunnel fails, the backup tunnel will take its
place and keep traffic moving.
There’s no load balancing inside VPN tunnels. Load balancing is only available for internet traffic.
Initial considerations:
This document is applicable to the related products:
• LB2 VPN
• VPN 800/2
This document is based on a laboratory scenario illustrated in the diagram below.
Image 1: The conceptual scenario
How to set up VPN Failover on the LB-2 VPN or VPN 800/2 Property of HotBrick — 2005

• The products used in this lab have the March/2005 firmware installed.
Image 1a: The LB2 VPN with March/2005 firmware installed
Image 1b: The VPN 800/2 with March/2005 firmware installed
• This solution is recommended for scenarios where VPN redundancy is needed, required or
desirable.
• Two WAN connections are needed on every node of the VPN tunnel.
• This example was built using Static IP Connections on every WAN port, but it could be used
for other scenarios where PPPoE or dynamic connections are being used.
• In the worst case, failover takes up to 2 minutes before traffic resumes. The network design
must tolerate this delay in the applications, software or anything else that requires the VPN
connection to work properly.
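One way to check a failover test against the 2-minute worst case above, as an added example (not HotBrick code). The probe-log format, the sample data and the function names are assumptions made for this illustration; the log would come from probing a host on the remote LAN while the WAN1 link is disconnected.

```python
# Worst-case failover delay stated in this document: up to 2 minutes.
MAX_FAILOVER_SECONDS = 120

# Constructed sample: "<epoch-seconds> <ok|fail>", one probe every 10 s to a
# host on the remote LAN while the WAN1 link is unplugged at about t=1015.
SAMPLE_LOG = """\
1000 ok
1010 ok
1020 fail
1030 fail
1040 fail
1050 fail
1060 fail
1070 fail
1080 fail
1090 fail
1100 ok
1110 ok
"""


def find_outages(log_text):
    """Return (gaps, recovered): gaps are (last_ok, first_ok_after) pairs."""
    gaps, last_ok, failing = [], None, False
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, status = line.split()
        if status == "ok":
            if failing and last_ok is not None:
                gaps.append((last_ok, int(stamp)))
            last_ok, failing = int(stamp), False
        else:
            failing = True
    # Still failing at end of log means the backup tunnel never took over.
    return gaps, not failing


def failover_ok(log_text, budget=MAX_FAILOVER_SECONDS):
    """True when traffic resumed and no gap exceeded the budget."""
    gaps, recovered = find_outages(log_text)
    return recovered and all(end - start <= budget for start, end in gaps)


if __name__ == "__main__":
    gaps, recovered = find_outages(SAMPLE_LOG)
    for start, end in gaps:
        print(f"traffic stopped for at most {end - start}s ({start}..{end})")
    print("recovered:", recovered, "| within budget:", failover_ok(SAMPLE_LOG))
```

Each gap is measured from the last answered probe to the first answered probe after it, so it is an upper bound on the real interruption.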
Step-by-Step Setup Procedure
Step 1: Setting up the VPN tunnels
First, establish two tunnels between both sites, always treating the WAN1 VPN tunnel as the
mandatory, or principal, VPN connection and the WAN2 VPN tunnel (always) as the secondary
or backup tunnel.
You will always have to build the tunnels connecting WAN1 to WAN1 and WAN2 to WAN2.
For help on how to establish an IPSec VPN tunnel, search for the appropriate step-by-step
procedure on our download webpage. For more information, go to http://www.hotbrick.com
and the support section, then the download page.
Image 2a: The LB2 VPN Tunnels.
Image 2b: The VPN 800/2 Tunnels.
Step 2: Setting up the RIP2 protocol
As shown on the screenshot below, the RIP2 protocol should be enabled and activated for all
network interfaces (LAN, WAN1 and WAN2).
Open the GUI interface of each product and click on the ‘Routing’ option under ‘Advanced
setup’.
On ‘Dynamic Routing’, click on the ‘enable’ check-box on the RIP v2 line. It should appear
checked. If it’s already checked, leave it that way.
Enable all the LAN, WAN1 and WAN2 check-boxes.
Click on the ‘Submit’ button.