Configure IKEv2 load balancer instances in the Instances table.
- VRRP-ID
- VRRP-ID (Router ID) to be used for this IKEv2 load balancer instance. VRRP must be enabled and configured for this VRRP-ID on this device.Possible values:
- 0 to 255
- Default: 1
- VLB Interface
- Defines the interface or logical network on which the IKEv2 load balancer should accept VPN tunnels. VRRP must also be configured and active on this interface.
- VLB ID
- Defines the unique identifier of the load balancer instance. Default: 1
- Local IPv4 redirect target
- IPv4 address or FQDN where the device should accept VPN tunnels. A VPN client will be redirected to this address by the master in the load balancer group.Note: This is not the virtual VRRP IP address.
- Local IPv6 redirect target
- Global IPv6 address or FQDN where the device should accept VPN tunnels. A VPN client will be redirected to this address by the master in the load balancer group. Link-local addresses are not supported.Note: This is not the virtual VRRP IP address.
- Message profile
- Message profile used for this instance. The message profile includes the parameters for the status protocol, which the device uses to communicate its status information to the load balancer group.Default: DEFAULT.
Important: If an IPv6 address is configured here, the IPv6 firewall rule ALLOW_VLB must also be enabled.
- Redirection mode
- Defines the phase during the IKEv2 negotiation in which the VPN gateway redirects clients to another gateway.Note: This parameter is only effective if the device is the VRRP master.Possible values:
- IKEv2-Init (Default)
- The redirect message is sent within the IKE_SA_INIT response of the VPN gateway.
- IKEv2-Auth
- The redirect message is sent during the IKE_AUTH phase after the client has authenticated with the VPN gateway.
- Redirection destinations
- Defines the redirection target to which VPN clients are forwarded.Note: This parameter is only effective if the device is the VRRP master.Possible values:
- Local or remote
- Clients are redirected to both the device's own IP address and other remote gateways in the group.
- Remote only
- Clients are only redirected to other VPN gateways. This results in VPN clients being evenly distributed among all other gateways except the master gateway.
Note: This configuration is suitable for scenarios where the load balancer master only distributes clients but does not terminate VPN tunnels itself. - Comment
- Provide a meaningful description for this entry.
