Configuring the WSM using Device Manager # Go back one pageGo to the next page#Go to this book's Index

Configuring public-side network devices

To configure the public-side network devices (WSM-3 and WSM-4) in VPN configuration example:

  1. Define and enable VLAN 2 for ports 3 and 4. See Configuring a VLAN.
  2. Turn off Spanning Tree Protocol (STP) for ports 3 and 4. See Enabling or disabling spanning tree on a port.
  3. Define the public-side network IP interfaces using the settings in the following table. See Manually configuring an IP interface.
  4. Create one public-side network IP interface on a different subnet for each VPN device being load-balanced.

    Field in Device Manager Setting for WSM-3 Setting for WSM-4
    Interface Number
    1
    1
    IP Address
    192.168.10.10
    192.168.10.11
    IP Subnet Mask
    255.255.255.0
    255.255.255.0
    VLAN
    1
    1
    State
    Enabled
    Enabled
    BOOTP Relay
    Disabled
    Disabled
    Interface Number
    2
    2
    IP Address
    10.0.0.10
    10.0.0.20
    IP Subnet Mask
    255.255.255.0
    255.255.255.0
    VLAN
    2
    2
    State
    Enabled
    Enabled
    BOOTP Relay
    Disabled
    Disabled
    Interface Number
    3
    3
    IP Address
    10.0.0.11
    10.0.0.21
    IP Subnet Mask
    255.255.255.255
    255.255.255.255
    VLAN
    2
    2
    State
    Enabled
    Enabled
    BOOTP Relay
    Disabled
    Disabled

  5. Configure routes for each of the IP interfaces using the VPN devices as gateways. Configure one static route for each VPN device being load-balanced. See Configuring static routes.

    Field
    in Device Manager
    Setting
    for WSM-3 and WSM-4
    Static Route
    [1 - 128]
    Destination IP Address
    20.0.0.10
    IP Subnet Mask
    255.255.255.255
    Gateway IP Address
    10.0.0.101
    IP Interface
    2
    Static Route
    [1 - 128]
    Destination IP Address
    20.0.0.11
    IP Subnet Mask
    255.255.255.255
    Gateway IP Address
    10.0.0.102
    IP Interface
    3
    Static Route
    [1 - 128]
    Destination IP Address
    20.0.0.20
    IP Subnet Mask
    255.255.255.255
    Gateway IP Address
    10.0.0.101
    IP Interface
    2
    Static Route
    [1 - 128]
    Destination IP Address
    20.0.0.21
    IP Subnet Mask
    255.255.255.255
    Gateway IP Address
    10.0.0.102
    IP Interface
    3

  6. Enable virtual routing on WSM-3 and WSM-4. See Enabling virtual routing on the WSM.
  7. Configure VRRP for virtual routers 1 and 2 using the settings in the following table. See Configuring a virtual router.

    Field
    in Device Manager
    Setting
    for WSM-3 and WSM-4
    Virtual Router Number
    1
    Virtual Router ID
    1
    IP Address
    192.168.10.50
    IP Interface
    1
    State
    Enabled
    Priority
    101
    Load Sharing
    Disabled
    Track VRs
    Enabled
    Track VLAN Ports
    Enabled
    Virtual Router Number
    2
    Virtual Router ID
    2
    IP Address
    10.0.0.1
    IP Interface
    2
    State
    Enabled
    Priority
    101
    Load Sharing
    Disabled
    Track VRs
    Enabled
    Track VLAN Ports
    Enabled

  8. Enable Server Load Balancing (SLB) on WSM-3 and WSM-4. See Enabling or disabling server load balancing.
  9. Configure real servers for health checking VPN devices using the settings in the following table. See Configuring each real server.

    Field
    in Device Manager
    Setting
    for WSM-3 and WSM-4
    Real Server
    1
    IP Address
    20.0.0.10
    State
    Enabled
    Name
    VPN Server 1
    Real Server
    2
    IP Address
    20.0.0.11
    State
    Enabled
    Name
    VPN Server 2
    Real Server
    3
    IP Address
    20.0.0.20
    State
    Enabled
    Name
    VPN Server 3
    Real Server
    4
    IP Address
    20.0.0.21
    State
    Enabled
    Name
    VPN Server 4

  10. Configure real server group 1 using the hash metric. Add real servers 1, 2, 3, and 4 to the group. See Configuring a real server group.

    Field
    in Device Manager
    Setting
    for WSM-3 and WSM-4
    Group
    1
    Name
    VPN Group
    Metric
    hash
    Real Servers
    1, 2, 3, 4

  11. Configure filters that allow local subnet traffic on the public side of the VPN device to reach the VPN device interfaces. Use the settings in the following table. See Creating a new filter.

    Field
    in Device Manager
    Setting
    for WSM-3 and WSM-4
    Index
    100
    Name
    VPN
    Filter
    Enabled
    Action
    Allow
    Source IP Address
    Any
    Destination IP Address
    192.168.10.0
    Destination IP Mask
    255.255.255.0
    Index
    110
    Name
    VPN
    Filter
    Enabled
    Action
    Allow
    Source IP Address
    Any
    Destination IP Address
    224.0.0.0
    Destination IP Mask
    255.0.0.0

  12. Create a filter to allow the management firewall (Policy Server) to reach the VPN firewall using the settings in the following table.

    Field
    in Device Manager
    Setting
    for WSM-3 and WSM-4
    Index
    120
    Name
    VPN
    Filter
    Enabled
    Action
    Allow
    Source IP Address
    192.168.10.120
    Source IP Mask
    255.255.255.255
    Destination IP Address
    10.0.0.0
    Destination IP Mask
    255.255.255.0

  13. Create the redirection filter and enable firewall load balancing using the settings in the following table. This filter will redirect inbound traffic among the defined real servers in the group.

    Field
    in Device Manager
    Setting
    for WSM-3 and WSM-4
    Index
    224
    Name
    VPN Redirect FWLB
    Filter
    Enabled
    Action
    Redirect
    Source IP Address
    any
    Destination IP Address
    any
    Protocol
    any
    Redirection Port
    1
    Firewall Redirect Hash
    Enabled

  14. Enable filter processing on the ingress port (port 1). See Enabling or disabling filtering on a port.
  15. Add filters to the ingress port (port 1). For more information, see Applying filters to a port.

    Field
    in Device Manager
    Setting
    for WSM-1
    Port
    1
    Filtering
    Enabled
    Filters Applied
    100, 110, 224

  16. Apply and save the configuration, and reboot the WSM.

See also:


Go back one pageGo to the next page##Go to this book's Index