Configuring the WSM using Device Manager
The WSM can simultaneously load balance up to 255 VPN devices while ensuring that return traffic goes back to the same VPN server from which it started.
Traffic coming from the Internet is usually addressed to the VPNs, with the real destination encrypted inside the datagram. Traffic from the VPNs to the intranet contains the real destination in the clear. Using the hash algorithm on the source and destination addresses may not be possible in many VPN/firewall configurations because the address may be encrypted inside the datagram. Also, the source/destination IP address of the packet may change as the packet traverses from the public-side WSM to the private-side WSM and back.
The WSM records state information in a session table for frames entering the WSM to and from the VPNs. This session table ensures that the same VPN server handles all the traffic between an inside host and an outside client for a particular session.
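The following Python model is an added illustration, not code from the original page or from the WSM itself. It shows why a stateless hash on the visible addresses can pick a different VPN on the private side than on the public side, and how a session table keeps the reply on the same VPN. The device names, addresses, XOR hash and session key are assumptions made for the example.

```python
# Added illustration: simplified model, not WSM firmware or configuration.
import ipaddress

VPNS = ["vpn-a", "vpn-b", "vpn-c", "vpn-d"]   # constructed device names

def hash_pick(src, dst):
    """Stateless pick from the two addresses visible in the frame header
    (assumed XOR hash, chosen only for this example)."""
    x = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    return VPNS[x % len(VPNS)]

class Wsm:
    """One WSM (public-side or private-side) with its own session table."""
    def __init__(self):
        self.sessions = {}            # {endpoint pair} -> VPN (assumed key)

    def to_vpn(self, src, dst):
        """Frame heading toward the VPNs: reuse the session, else pick one."""
        key = frozenset((src, dst))
        return self.sessions.setdefault(key, hash_pick(src, dst))

    def from_vpn(self, vpn, src, dst):
        """Frame arriving from a VPN: record which VPN carried it."""
        self.sessions[frozenset((src, dst))] = vpn

def demo():
    # Constructed sample addresses: outside client, VPN cluster IP, inside host.
    client, cluster, server = "203.0.113.10", "198.51.100.1", "10.1.1.20"
    public, private = Wsm(), Wsm()
    # 1. Inbound: header shows client -> cluster IP; real destination is encrypted.
    vpn = public.to_vpn(client, cluster)
    # 2. The VPN decrypts (no NAT) and hands client -> server to the private side.
    private.from_vpn(vpn, client, server)
    # 3. Reply server -> client: the session table returns it to the same VPN.
    reply_vpn = private.to_vpn(server, client)
    # What a stateless hash on the private side would have chosen instead.
    stateless = hash_pick(server, client)
    return vpn, reply_vpn, stateless

if __name__ == "__main__":
    print(demo())
```

In this model the private side never sees the cluster IP and the public side never sees the inside host, so the two sides hash different address pairs; only the recorded session ties the reply to the VPN that carried the request.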
Note:
VPN load balancing is supported for connecting from remote sites to the network behind the VPN cluster IP address. Connections initiated from clients internal to the VPN gateways are not supported.
The figure below illustrates the basic frame flow of a request arriving from the Internet. An external client is accessing an internal server. No network address translation (NAT) is performed by the VPN devices.